Skip to content

GitLab

Open
Created by Administrator@rootMaintainer

Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2.2.1-8+deb9u4
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream cups package. See How to fix? for Debian:9 relevant versions.

In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2l-2+deb9u2
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><0.23.3-2+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream p11-kit package. See How to fix? for Debian:9 relevant versions.

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.27-3+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsndfile package. See How to fix? for Debian:9 relevant versions.

It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1:1.5.1-2+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libjpeg-turbo package. See How to fix? for Debian:9 relevant versions.

get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2.2.1-8+deb9u5
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream cups package. See How to fix? for Debian:9 relevant versions.

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.27-3+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsndfile package. See How to fix? for Debian:9 relevant versions.

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2.9.4+dfsg1-2.2+deb9u3
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Debian:9 relevant versions.

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><0.168-1+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream elfutils package. See How to fix? for Debian:9 relevant versions.

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.27-3+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsndfile package. See How to fix? for Debian:9 relevant versions.

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package.

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><0.168-1+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream elfutils package. See How to fix? for Debian:9 relevant versions.

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.3.5-4+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libvorbis package. See How to fix? for Debian:9 relevant versions.

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.3.2-2+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream flac package. See How to fix? for Debian:9 relevant versions.

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><0.168-1+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream elfutils package. See How to fix? for Debian:9 relevant versions.

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active