Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read
Created by: armorcodegithubpreprod[bot]
Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2:3.26.2-1.1+deb9u2
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream nss
package.
See How to fix?
for Debian:9
relevant versions.
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
References
- CVE Details
- Debian Security Tracker
- GENTOO
- GENTOO
- MLIST
- Mozilla Security Advisory
- Mozilla Security Advisory
- Mozilla Security Advisory
- OpenSuse Security Announcement
- OpenSuse Security Announcement
- RedHat Bugzilla Bug
- RHSA Security Advisory
- SUSE
- SUSE
- SUSE
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.0.27-3+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libsndfile
package.
See How to fix?
for Debian:9
relevant versions.
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
- Debian Security Announcement
- Debian Security Tracker
- GENTOO
- GitHub Issue
- MLIST
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><3.16.2-5+deb9u2
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream sqlite3
package.
See How to fix?
for Debian:9
relevant versions.
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
References
- Debian Security Tracker
- Fedora Security Update
- Fedora Security Update
- GENTOO
- MISC
- MISC
- MISC
- MISC
- MISC
- MLIST
- Netapp Security Advisory
- OpenSuse Security Announcement
- Security Focus
- UBUNTU
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.3.5-4+deb9u3
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libvorbis
package.
See How to fix?
for Debian:9
relevant versions.
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.0.27-3+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libsndfile
package.
See How to fix?
for Debian:9
relevant versions.
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
References
- Debian Security Announcement
- Debian Security Tracker
- GENTOO
- GitHub Issue
- MLIST
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >*
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream giflib
package.
An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.7.0-1+deb9u2
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libssh2
package.
See How to fix?
for Debian:9
relevant versions.
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
References
- CONFIRM
- CONFIRM
- CONFIRM
- Debian Security Announcement
- Debian Security Tracker
- FEDORA
- FEDORA
- GitHub Diff
- GitHub PR
- MISC
- MISC
- MLIST
- MLIST
- Ubuntu CVE Tracker
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2.50.3-2+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream glib2.0
package.
See How to fix?
for Debian:9
relevant versions.
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
References
- Debian Security Announcement
- Debian Security Tracker
- MISC
- MISC
- MLIST
- MLIST
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><5.24.1-3+deb9u3
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream perl
package.
See How to fix?
for Debian:9
relevant versions.
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
References
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- Gentoo Security Advisory
- MISC
- RHSA Security Advisory
- Security Tracker
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.0.2u-1~deb9u6
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream openssl1.0
package.
See How to fix?
for Debian:9
relevant versions.
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.0.27-3+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libsndfile
package.
See How to fix?
for Debian:9
relevant versions.
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
References
- CVE Details
- Debian Security Announcement
- Debian Security Tracker
- GitHub Issue
- MLIST
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1:1.5.1-2+deb9u1
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libjpeg-turbo
package.
See How to fix?
for Debian:9
relevant versions.
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2.2.0-2+deb9u3
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Debian:9
relevant versions.
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
- ADVISORY
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- Bugtraq Mailing List
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- DEBIAN
- DEBIAN
- DEBIAN
- Debian Security Tracker
- FEDORA
- FEDORA
- FEDORA
- FULLDISC
- FULLDISC
- FULLDISC
- FULLDISC
- GENTOO
- GitHub Commit
- GitHub Issue
- GitHub Issue
- GitHub PR
- MISC
- MISC
- MISC
- MISC
- MLIST
- MLIST
- N/A
- REDHAT
- REDHAT
- REDHAT
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- UBUNTU
- UBUNTU
- UBUNTU
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.1.0l-1~deb9u4
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream openssl
package.
See How to fix?
for Debian:9
relevant versions.
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><2.4.44+dfsg-5+deb9u7
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream openldap
package.
See How to fix?
for Debian:9
relevant versions.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
References
- ADVISORY
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- DEBIAN
- FULLDISC
- FULLDISC
- FULLDISC
- MISC
- MISC
- MISC
- MLIST
- MLIST
- MLIST
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><1.3.5-4+deb9u3
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream libvorbis
package.
See How to fix?
for Debian:9
relevant versions.
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><7.52.1-5+deb9u9
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Debian:9
relevant versions.
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target
) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
References
- Apache Security Advisory
- CONFIRM
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- MISC
- Netapp Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- REDHAT
- RedHat Bugzilla Bug
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><7.52.1-5+deb9u9
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Debian:9
relevant versions.
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp()
isn't NUL terminated and contains no character ending the parsed number, and len
is set to 5, then the strtol()
call reads beyond the allocated buffer. The read contents will not be returned to the caller.
References
- Apache Security Advisory
- CONFIRM
- CVE Details
- Debian Security Advisory
- Debian Security Tracker
- Gentoo Security Advisory
- MISC
- Netapp Security Advisory
- Oracle Security Advisory
- Oracle Security Advisory
- REDHAT
- RedHat Bugzilla Bug
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): ><4.0.8-2+deb9u2
- Vulnerable Path: >null
NVD Description
Note:
Versions mentioned in the description apply to the upstream tiff
package.
See How to fix?
for Debian:9
relevant versions.
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
References
- CVE Details
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- MISC
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
Origin : null Type : null Image Id : null
Snyk Project Status: Active