Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Integer Overflow or Wraparound (#1667) · Issues · Administrator / ticket

Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Integer Overflow or Wraparound

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Integer Overflow or Wraparound

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): ><1.33-1+deb9u1
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libidn package. See How to fix? for Debian:9 relevant versions.

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): ><7.52.1-5+deb9u3
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Debian:9 relevant versions.

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): ><0.16-1+deb9u1
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libidn2-0 package. See How to fix? for Debian:9 relevant versions.

Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): ><7.52.1-5+deb9u7
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Debian:9 relevant versions.

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package.

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active