Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Integer Overflow or Wraparound
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, Critical, [TheRedHatter/javagoof:Dockerfile]:Integer Overflow or Wraparound
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.33-1+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libidn
package.
See How to fix?
for Debian:9
relevant versions.
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
References
- CONFIRM
- CONFIRM
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><7.52.1-5+deb9u3
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Debian:9
relevant versions.
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
References
- CONFIRM
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- Gentoo Security Advisory
- RHSA Security Advisory
- Security Focus
- Security Tracker
- Security Tracker
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><0.16-1+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libidn2-0
package.
See How to fix?
for Debian:9
relevant versions.
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
References
- CONFIRM
- CONFIRM
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><7.52.1-5+deb9u7
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Debian:9
relevant versions.
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
References
- CONFIRM
- CONFIRM
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- Gentoo Security Advisory
- REDHAT
- RedHat Bugzilla Bug
- RHSA Security Advisory
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream glibc
package.
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active