Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-4904 (GCVE-0-2022-4904)
Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2025-12-02 20:25
VLAI?
EPSS
Summary
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Severity ?
8.6 (High)
CWE
- CWE-20 - >CWE-119
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:45.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"name": "FEDORA-2023-30e81e5293",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"name": "GLSA-202401-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T20:25:39.134662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T20:25:58.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "c-ares",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20-\u003eCWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T10:06:27.302Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"name": "FEDORA-2023-30e81e5293",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"name": "GLSA-202401-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4904",
"datePublished": "2023-03-06T00:00:00.000Z",
"dateReserved": "2023-02-09T00:00:00.000Z",
"dateUpdated": "2025-12-02T20:25:58.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2168631\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/c-ares/c-ares/issues/496\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/\", \"name\": \"FEDORA-2023-30e81e5293\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-02\", \"name\": \"GLSA-202401-02\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:55:45.918Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4904\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T20:25:39.134662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-03T18:31:49.596Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"c-ares\", \"versions\": [{\"status\": \"affected\", \"version\": \"unknown\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2168631\"}, {\"url\": \"https://github.com/c-ares/c-ares/issues/496\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/\", \"name\": \"FEDORA-2023-30e81e5293\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-02\", \"name\": \"GLSA-202401-02\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20-\u003eCWE-119\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-01-05T10:06:27.302Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-4904\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-02T20:25:58.780Z\", \"dateReserved\": \"2023-02-09T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2023-03-06T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CVE-2022-4904
Vulnerability from fstec - Published: 06.03.2023
VLAI Severity ?
Title
Уязвимость функции ares_set_sortlist библиотеки асинхронных DNS-запросов c-ares, позволяющая нарушителю вызвать отказ в обслуживании или оказать ограниченное влияния на конфиденциальность и целостность
Description
Уязвимость функции ares_set_sortlist библиотеки асинхронных DNS-запросов c-ares связана с отсутствием проверки достоверности входной строки, что допускает возможное переполнение стека произвольной длины. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или оказать ограниченное влияния на конфиденциальность и целостность
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Fedora Project, АО «НТЦ ИТ РОСА», АО "НППКТ", АО «ИВК», ООО «Открытая мобильная платформа»
Software Name
Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Red Hat Software Collections, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Fedora, c-ares, ROSA Virtualization (запись в едином реестре российских программ №5091), РОСА ХРОМ (запись в едином реестре российских программ №1607), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), АЛЬТ СП 10, ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 36 (Fedora), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), до 1.18.1-2 (c-ares), 2.1 (ROSA Virtualization), 12.4 (РОСА ХРОМ), до 2.8 (ОСОН ОСнова Оnyx), - (АЛЬТ СП 10), до 5.1.5 включительно (ОС Аврора)
Possible Mitigations
Использование рекомендаций:
Для c-ares:
https://github.com/c-ares/c-ares/pull/497
https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-4904
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-4904
Для Ubuntu:
https://ubuntu.com/security/notices/USN-5907-1
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения c-ares до версии 1.14.0-1+deb10u3
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства
Для операционной системы РОСА ХРОМ: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2284
Для системы управления средой виртуализации «ROSA Virtualization» : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2246
Для ОС Astra Linux Special Edition 1.7:
обновить пакет c-ares до 1.14.0-1+deb10u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD
Для ОС Аврора: https://cve.omp.ru/bb30515
Reference
https://github.com/c-ares/c-ares/pull/497
https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://security-tracker.debian.org/tracker/CVE-2022-4904
https://access.redhat.com/security/cve/CVE-2022-4904
https://ubuntu.com/security/notices/USN-5907-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2284
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2246
https://cve.omp.ru/bb30515
CWE
CWE-20, CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 36 (Fedora), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 22.10 (Ubuntu), \u0434\u043e 1.18.1-2 (c-ares), 2.1 (ROSA Virtualization), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f c-ares:\nhttps://github.com/c-ares/c-ares/pull/497\nhttps://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-4904\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-4904\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-5907-1\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f c-ares \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.14.0-1+deb10u3\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2284\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb : https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2246\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 c-ares \u0434\u043e 1.14.0-1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb30515",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.03.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01258",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-4904",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, Red Hat Software Collections, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora, c-ares, ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041b\u042c\u0422 \u0421\u041f 10, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 36 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 22.10 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ares_set_sortlist \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 DNS-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 c-ares, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ares_set_sortlist \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0430\u0441\u0438\u043d\u0445\u0440\u043e\u043d\u043d\u044b\u0445 DNS-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 c-ares \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0441\u0442\u0438 \u0432\u0445\u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438, \u0447\u0442\u043e \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441\u0442\u0435\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 \u0434\u043b\u0438\u043d\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0432\u043b\u0438\u044f\u043d\u0438\u044f \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/c-ares/c-ares/pull/497\nhttps://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://security-tracker.debian.org/tracker/CVE-2022-4904\nhttps://access.redhat.com/security/cve/CVE-2022-4904\nhttps://ubuntu.com/security/notices/USN-5907-1\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2284\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2246\nhttps://cve.omp.ru/bb30515",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}
GSD-2022-4904
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-4904",
"description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"id": "GSD-2022-4904",
"references": [
"https://advisories.mageia.org/CVE-2022-4904.html",
"https://www.suse.com/security/cve/CVE-2022-4904.html",
"https://ubuntu.com/security/CVE-2022-4904"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-4904"
],
"details": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"id": "GSD-2022-4904",
"modified": "2023-12-13T01:19:15.807185Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "c-ares",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20-\u003eCWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"name": "https://github.com/c-ares/c-ares/issues/496",
"refsource": "MISC",
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"name": "FEDORA-2023-30e81e5293",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"name": "GLSA-202401-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202401-02"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.19.0",
"affected_versions": "All versions before 1.19.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-1284",
"CWE-937"
],
"date": "2023-06-22",
"description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"fixed_versions": [
"1.19.0"
],
"identifier": "CVE-2022-4904",
"identifiers": [
"CVE-2022-4904"
],
"not_impacted": "All versions starting from 1.19.0",
"package_slug": "conan/c-ares",
"pubdate": "2023-03-06",
"solution": "Upgrade to version 1.19.0 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
"https://bugzilla.redhat.com/show_bug.cgi?id=2168631",
"https://github.com/c-ares/c-ares/issues/496",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
],
"uuid": "6ab4a5f3-d3c7-44d4-9689-54f3d1788a37"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A324E7D7-4A6F-41B9-9615-AEBAC4EB1332",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity."
}
],
"id": "CVE-2022-4904",
"lastModified": "2024-01-05T10:15:10.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-06T23:15:11.390",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202401-02"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
}
}
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-04-04 00:00
Modified
2023-04-20 12:04
Summary
Moderate: nodejs:16 security, bug fix, and enhancement update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.19.1).
Security Fix(es):
- glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
- Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
- Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)
- Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
- Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
- Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20-3.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25-1.module_el8.5.0+2605+45d748af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.19.1).\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:1582",
"modified": "2023-04-20T12:04:52Z",
"published": "2023-04-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:1582"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-24807"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171935"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172170"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172190"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172217"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-1582.html"
}
],
"related": [
"CVE-2021-35065",
"CVE-2022-4904",
"CVE-2022-25881",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23936",
"CVE-2023-23920",
"CVE-2023-24807"
],
"summary": "Moderate: nodejs:16 security, bug fix, and enhancement update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-05-09 00:00
Modified
2023-05-11 21:02
Summary
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20).
Security Fix(es):
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
- Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
- Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
- Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
- Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.19.1-1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.19.3-1.16.19.1.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:2655",
"modified": "2023-05-11T21:02:44Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2655"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-24807"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171935"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172190"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172217"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2655.html"
}
],
"related": [
"CVE-2022-4904",
"CVE-2022-25881",
"CVE-2023-23918",
"CVE-2023-23936",
"CVE-2023-23920",
"CVE-2023-24807"
],
"summary": "Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-05-09 00:00
Modified
2023-05-11 21:13
Summary
Moderate: nodejs:18 security, bug fix, and enhancement update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (18.14.2).
Security Fix(es):
- glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
- Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
- Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)
- Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
- Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
- Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20-2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el9.1.0+13+d9a595ea"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-packaging-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el9.1.0+13+d9a595ea"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.5.0-1.18.14.2.2.module_el9.2.0+29+de583a0b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (18.14.2).\n\nSecurity Fix(es):\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)\n* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:2654",
"modified": "2023-05-11T21:13:57Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2654"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-24807"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171935"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172170"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172190"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172217"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2654.html"
}
],
"related": [
"CVE-2021-35065",
"CVE-2022-4904",
"CVE-2022-25881",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23936",
"CVE-2023-23920",
"CVE-2023-24807"
],
"summary": "Moderate: nodejs:18 security, bug fix, and enhancement update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-04-12 00:00
Modified
2023-04-20 13:00
Summary
Important: nodejs:14 security, bug fix, and enhancement update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
- decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
- glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
- nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
- Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
- Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.21.3-1.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.21.3-1.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.21.3-1.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.21.3-1.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20-3.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "23-3.module_el8.4.0+2522+3bd42762"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.14.18-1.14.21.3.1.module_el8.7.0+3551+53700ee8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:1743",
"modified": "2023-04-20T13:00:15Z",
"published": "2023-04-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:1743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2134609"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170644"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171935"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2172217"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-1743.html"
}
],
"related": [
"CVE-2022-38900",
"CVE-2021-35065",
"CVE-2022-3517",
"CVE-2022-4904",
"CVE-2022-25881",
"CVE-2023-23918",
"CVE-2023-23920"
],
"summary": "Important: nodejs:14 security, bug fix, and enhancement update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-11-07 00:00
Modified
2023-11-14 12:05
Summary
Moderate: c-ares security, bug fix, and enhancement update
Details
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.
The following packages have been upgraded to a later upstream version: c-ares (1.19.1). (BZ#2210370)
Security Fix(es):
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
- c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
- c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "c-ares"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "c-ares-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.1-1.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.\n\nThe following packages have been upgraded to a later upstream version: c-ares (1.19.1). (BZ#2210370)\n\nSecurity Fix(es):\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)\n* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)\n* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:6635",
"modified": "2023-11-14T12:05:49Z",
"published": "2023-11-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:6635"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31124"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31130"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31147"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209497"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209501"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-6635.html"
}
],
"related": [
"CVE-2022-4904",
"CVE-2023-31130",
"CVE-2023-31147",
"CVE-2023-31124"
],
"summary": "Moderate: c-ares security, bug fix, and enhancement update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-11-14 00:00
Modified
2023-11-24 10:32
Summary
Moderate: c-ares security update
Details
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.
Security Fix(es):
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "c-ares"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "c-ares-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.0-8.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.\n\nSecurity Fix(es):\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:7116",
"modified": "2023-11-24T10:32:56Z",
"published": "2023-11-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7116"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-7116.html"
}
],
"related": [
"CVE-2022-4904"
],
"summary": "Moderate: c-ares security update"
}
cve-2022-4904
Vulnerability from osv_almalinux
Published
2023-07-12 00:00
Modified
2023-07-12 21:27
Summary
Important: nodejs:18 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
- c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
- c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-3.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-3.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-3.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.14.2-3.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20-2.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:9.5.0-1.18.14.2.3.module_el8.8.0+3587+ee652244"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)\n* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)\n* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:4035",
"modified": "2023-07-12T21:27:18Z",
"published": "2023-07-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:4035"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31124"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31130"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-31147"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-32067"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2168631"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209497"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209501"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2209502"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-4035.html"
}
],
"related": [
"CVE-2023-32067",
"CVE-2022-4904",
"CVE-2023-31130",
"CVE-2023-31147",
"CVE-2023-31124"
],
"summary": "Important: nodejs:18 security update"
}
CERTFR-2023-AVI-0499
Vulnerability from certfr_avis - Published: 2023-06-30 - Updated: 2023-06-30
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.2.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2019-19317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-9596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9596"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2019-19244",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2017-1000381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000381"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2019-20838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-35525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35525"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2013-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1969"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2010-4494",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2019-19924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2019-13117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13117"
},
{
"name": "CVE-2019-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20218"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2019-19242",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2016-2073",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2073"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2015-7941",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7941"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
},
{
"name": "CVE-2015-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8710"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2021-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2021-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
},
{
"name": "CVE-2016-9598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9598"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2019-13118",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13118"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2016-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3709"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2016-9597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9597"
},
{
"name": "CVE-2015-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8806"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2021-45346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2021-30560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2019-5815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5815"
},
{
"name": "CVE-2019-19959",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19959"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2020-35527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35527"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2016-4483",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
}
],
"initial_release_date": "2023-06-30T00:00:00",
"last_revision_date": "2023-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0499",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-23 du 29 juin 2023",
"url": "https://www.tenable.com/security/tns-2023-23"
}
]
}
CERTFR-2024-AVI-0119
Vulnerability from certfr_avis - Published: 2024-02-13 - Updated: 2024-02-13
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | Simcenter Femap versions antérieures à V2401.0000 | ||
| Siemens | N/A | SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | Parasolid V36.0 versions antérieures à V36.0.198 | ||
| Siemens | N/A | SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 15 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V2.0 SP1 | ||
| Siemens | N/A | SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à V2.4 | ||
| Siemens | N/A | SIMATIC WinCC V8.0 versions antérieures à V8.0 SP4 | ||
| Siemens | N/A | SIDIS Prime versions antérieures à V4.0.400 | ||
| Siemens | N/A | SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à V2.4 | ||
| Siemens | N/A | Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | Parasolid V35.1 versions antérieures à V35.1.252 | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0012 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Nozomi Guardian / CMC antérieures à 23.3.0 | ||
| Siemens | N/A | Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à V2.4 | ||
| Siemens | N/A | SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0006 | ||
| Siemens | N/A | Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions antérieures à V3.1 | ||
| Siemens | N/A | Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions antérieures à V4.3 | ||
| Siemens | N/A | Parasolid V35.0 versions antérieures à V35.0.263 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2401.0000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.198",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIDIS Prime versions ant\u00e9rieures \u00e0 V4.0.400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.252",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0012",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Nozomi Guardian / CMC ant\u00e9rieures \u00e0 23.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.263",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2022-46393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46393"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2022-41556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41556"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2023-3006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
},
{
"name": "CVE-2023-51440",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51440"
},
{
"name": "CVE-2023-23946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2023-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
},
{
"name": "CVE-2023-30772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30772"
},
{
"name": "CVE-2023-45622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45622"
},
{
"name": "CVE-2023-44321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
},
{
"name": "CVE-2022-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
},
{
"name": "CVE-2023-30585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30585"
},
{
"name": "CVE-2024-23803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23803"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2023-38199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38199"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2022-47629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2021-45451",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45451"
},
{
"name": "CVE-2022-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-30583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30583"
},
{
"name": "CVE-2021-36369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36369"
},
{
"name": "CVE-2023-25727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25727"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2022-41409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0330"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2024-23812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23812"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-45617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45617"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-24925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24925"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-22042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22042"
},
{
"name": "CVE-2023-50236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50236"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-28739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-23816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23816"
},
{
"name": "CVE-2022-3515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
},
{
"name": "CVE-2023-1393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1393"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2022-36021",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36021"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2024-24922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24922"
},
{
"name": "CVE-2022-38725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
},
{
"name": "CVE-2024-24923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24923"
},
{
"name": "CVE-2022-39260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39260"
},
{
"name": "CVE-2022-29862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29862"
},
{
"name": "CVE-2024-23800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23800"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-3437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3437"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4743"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2022-28738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
},
{
"name": "CVE-2023-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
},
{
"name": "CVE-2023-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3247"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2023-32559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
},
{
"name": "CVE-2023-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0494"
},
{
"name": "CVE-2023-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
},
{
"name": "CVE-2022-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37797"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2023-31084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2024-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24921"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2023-45625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45625"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
},
{
"name": "CVE-2023-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
},
{
"name": "CVE-2023-32558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32558"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2023-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
},
{
"name": "CVE-2022-41861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41861"
},
{
"name": "CVE-2024-23813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23813"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-23802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23802"
},
{
"name": "CVE-2021-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43666"
},
{
"name": "CVE-2023-22490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
},
{
"name": "CVE-2023-0568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
},
{
"name": "CVE-2024-23798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23798"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2023-32003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32003"
},
{
"name": "CVE-2023-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1859"
},
{
"name": "CVE-2023-48363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48363"
},
{
"name": "CVE-2022-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
},
{
"name": "CVE-2023-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32004"
},
{
"name": "CVE-2023-44320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
},
{
"name": "CVE-2022-29187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29187"
},
{
"name": "CVE-2023-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3111"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-30587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30587"
},
{
"name": "CVE-2023-30589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
},
{
"name": "CVE-2022-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46392"
},
{
"name": "CVE-2023-28487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
},
{
"name": "CVE-2023-1670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
},
{
"name": "CVE-2023-31489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31489"
},
{
"name": "CVE-2023-32005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32005"
},
{
"name": "CVE-2023-45618",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45618"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-23810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23810"
},
{
"name": "CVE-2023-30582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30582"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2019-19135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19135"
},
{
"name": "CVE-2022-28737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28737"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2022-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45142"
},
{
"name": "CVE-2023-22742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22742"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2022-48434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48434"
},
{
"name": "CVE-2023-25155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25155"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2023-5253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5253"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
},
{
"name": "CVE-2023-30581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30581"
},
{
"name": "CVE-2023-45627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45627"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-30584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
},
{
"name": "CVE-2024-23801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23801"
},
{
"name": "CVE-2024-24924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24924"
},
{
"name": "CVE-2022-4744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2023-36664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36664"
},
{
"name": "CVE-2023-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
},
{
"name": "CVE-2023-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38559"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2023-45616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45616"
},
{
"name": "CVE-2023-45624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45624"
},
{
"name": "CVE-2023-45614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45614"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-46120",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
},
{
"name": "CVE-2023-30586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30586"
},
{
"name": "CVE-2023-30588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
},
{
"name": "CVE-2023-1380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1380"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-23811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23811"
},
{
"name": "CVE-2023-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35789"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2024-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22043"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-4194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4194"
},
{
"name": "CVE-2023-39418",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39418"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-26081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26081"
},
{
"name": "CVE-2022-34903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
},
{
"name": "CVE-2023-44322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2023-45619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45619"
},
{
"name": "CVE-2023-48364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48364"
},
{
"name": "CVE-2023-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3863"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-30590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30590"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-36054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2022-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1348"
},
{
"name": "CVE-2023-2861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-3141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
},
{
"name": "CVE-2023-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34872"
},
{
"name": "CVE-2023-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
},
{
"name": "CVE-2023-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
},
{
"name": "CVE-2024-23799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23799"
},
{
"name": "CVE-2021-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
},
{
"name": "CVE-2023-34256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34256"
},
{
"name": "CVE-2024-23796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23796"
},
{
"name": "CVE-2022-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-3301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
},
{
"name": "CVE-2023-0662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2022-44370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44370"
},
{
"name": "CVE-2023-45620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45620"
},
{
"name": "CVE-2023-34035",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34035"
},
{
"name": "CVE-2022-41860",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41860"
},
{
"name": "CVE-2024-23795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23795"
},
{
"name": "CVE-2023-45615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45615"
},
{
"name": "CVE-2022-29536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29536"
},
{
"name": "CVE-2023-49692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2023-22745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22745"
},
{
"name": "CVE-2022-3294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3294"
},
{
"name": "CVE-2023-32006",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-45621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45621"
},
{
"name": "CVE-2024-23804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23804"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-45626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45626"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2024-23797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23797"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2023-38039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-0590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1611"
},
{
"name": "CVE-2023-28486",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
},
{
"name": "CVE-2024-24920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24920"
},
{
"name": "CVE-2023-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2023-45623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45623"
},
{
"name": "CVE-2023-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
},
{
"name": "CVE-2022-4900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4900"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-28450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
}
],
"initial_release_date": "2024-02-13T00:00:00",
"last_revision_date": "2024-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0119",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-000072 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-602936 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647068 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-647068.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-943925 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-753746 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-806742 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-806742.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-580228 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716164 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-797296 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-108696 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-871717 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-516818 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-017796 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-543502 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-665034 du 13 f\u00e9vrier 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-665034.html"
}
]
}
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis - Published: 2025-02-28 - Updated: 2025-02-28
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 12.2.4 IF4 | ||
| IBM | QRadar | QRadar Data Synchronization versions antérieures à 3.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 iFix 02 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité temporaire PH16353 ou antérieures à 9.0.5.2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 iFix 02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 iFix 02 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.1 iFix 01 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2015-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-56340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2024-45216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2023-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2025-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2025-02-28T00:00:00",
"last_revision_date": "2025-02-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"published_at": "2019-11-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
"url": "https://www.ibm.com/support/pages/node/1107105"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
"url": "https://www.ibm.com/support/pages/node/7184475"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
"url": "https://www.ibm.com/support/pages/node/7184474"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
"url": "https://www.ibm.com/support/pages/node/7184217"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
"url": "https://www.ibm.com/support/pages/node/7184476"
}
]
}
FKIE_CVE-2022-4904
Vulnerability from fkie_nvd - Published: 2023-03-06 23:15 - Updated: 2025-12-02 21:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2168631 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/c-ares/c-ares/issues/496 | Exploit, Issue Tracking | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202401-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2168631 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/c-ares/c-ares/issues/496 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-02 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| c-ares_project | c-ares | * | |
| redhat | software_collections | - | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A324E7D7-4A6F-41B9-9615-AEBAC4EB1332",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity."
}
],
"id": "CVE-2022-4904",
"lastModified": "2025-12-02T21:15:50.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-06T23:15:11.390",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202401-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-02"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-V7H6-G695-5J7Q
Vulnerability from github – Published: 2023-03-07 00:30 – Updated: 2025-12-02 21:31
VLAI?
Details
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Severity ?
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2022-4904"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-1284",
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-06T23:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"id": "GHSA-v7h6-g695-5j7q",
"modified": "2025-12-02T21:31:24Z",
"published": "2023-03-07T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
},
{
"type": "WEB",
"url": "https://github.com/c-ares/c-ares/issues/496"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33LDNS6RPOPP36Z4MPWXALUQZXJCWJS2"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…