Findings for Container Security, Low, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Use After Free (#1857) · Issues · Administrator / ticket

Findings for Container Security, Low, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Use After Free

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Low, [TheRedHatter/javagoof:exploits/tomcat-rce/Dockerfile]:Use After Free

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream bluez package.

In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream tiff package.

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libsepol package.

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >*
Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active