Docker buildpack-deps:testing

Vulnerabilities

133 via 537 paths

Dependencies

409

Source

Docker

Target OS

debian:unstable
Severity
  • 9 high
  • 7 medium
  • 117 low
Status
  • 133
  • 0
  • 0

high severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

high severity
new

Incorrect Conversion between Numeric Types

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.66.6-1, glib2.0/libglib2.0-bin@2.66.6-1 and others
  • Fixed in: 2.66.7-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-0@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-bin@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-data@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-dev@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-dev-bin@2.66.6-1

Overview

Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types. An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Remediation

Upgrade glib2.0 to version or higher.

high severity

Reachable Assertion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

Affected versions of this package are vulnerable to Reachable Assertion. The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Remediation

There is no fixed version for glibc.

high severity
new

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.57+dfsg-1
  • Fixed in: 2.4.57+dfsg-2

Detailed paths

  • Introduced through: buildpack-deps:testing@* openldap/libldap-2.4-2@2.4.57+dfsg-1

Overview

Affected versions of this package are vulnerable to Reachable Assertion. In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Remediation

Upgrade openldap to version or higher.

high severity
new

Integer Overflow or Wraparound

  • Vulnerable module: openssl
  • Introduced through: openssl@1.1.1i-3, openssl/libssl-dev@1.1.1i-3 and others
  • Fixed in: 1.1.1j-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssl@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl-dev@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl1.1@1.1.1i-3

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade openssl to version or higher.

high severity
new

Integer Overflow or Wraparound

  • Vulnerable module: openssl
  • Introduced through: openssl@1.1.1i-3, openssl/libssl-dev@1.1.1i-3 and others
  • Fixed in: 1.1.1j-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssl@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl-dev@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl1.1@1.1.1i-3

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade openssl to version or higher.

high severity
new

HTTP Request Smuggling

  • Vulnerable module: python3.9
  • Introduced through: python3.9@3.9.1-4, python3.9/libpython3.9-minimal@3.9.1-4 and others
  • Fixed in: 3.9.2-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* python3.9@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/libpython3.9-minimal@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/libpython3.9-stdlib@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/python3.9-minimal@3.9.1-4

Overview

Affected versions of this package are vulnerable to HTTP Request Smuggling. The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, and from 3.9.0 and before 3.9.2 is vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

Remediation

Upgrade python3.9 to version or higher.

high severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.34.1-1 and sqlite3/libsqlite3-dev@3.34.1-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* sqlite3/libsqlite3-0@3.34.1-1
  • Introduced through: buildpack-deps:testing@* sqlite3/libsqlite3-dev@3.34.1-1

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Remediation

There is no fixed version for sqlite3.

high severity

Information Exposure

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@247.3-1 and systemd/libudev1@247.3-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* systemd/libsystemd0@247.3-1
  • Introduced through: buildpack-deps:testing@* systemd/libudev1@247.3-1

Overview

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

medium severity

Resource Exhaustion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

medium severity
new

Double Free

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

Affected versions of this package are vulnerable to Double Free. The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Remediation

There is no fixed version for glibc.

medium severity

Cryptographic Issues

  • Vulnerable module: libgcrypt20
  • Introduced through: libgcrypt20@1.8.7-2

Detailed paths

  • Introduced through: buildpack-deps:testing@* libgcrypt20@1.8.7-2

Overview

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)

medium severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.37-3 and libpng1.6/libpng16-16@1.6.37-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* libpng1.6/libpng-dev@1.6.37-3
  • Introduced through: buildpack-deps:testing@* libpng1.6/libpng16-16@1.6.37-3

Overview

gif2png 2.5.13 has a memory leak in the writefile function.

medium severity
new

Incorrect Authorization

  • Vulnerable module: postgresql-13/libpq-dev
  • Introduced through: postgresql-13/libpq-dev@13.1-1+b1 and postgresql-13/libpq5@13.1-1+b1
  • Fixed in: 13.2-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* postgresql-13/libpq-dev@13.1-1+b1
  • Introduced through: buildpack-deps:testing@* postgresql-13/libpq5@13.1-1+b1

Overview

Affected versions of this package are vulnerable to Incorrect Authorization. A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

Remediation

Upgrade postgresql-13 to version or higher.

low severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: apt
  • Introduced through: apt@2.1.18 and apt/libapt-pkg6.0@2.1.18

Detailed paths

  • Introduced through: buildpack-deps:testing@* apt@2.1.18
  • Introduced through: buildpack-deps:testing@* apt/libapt-pkg6.0@2.1.18

Overview

It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

low severity

CVE-2021-20197

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to CVE-2021-20197.

Remediation

There is no fixed version for binutils.

low severity

Double Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to Double Free. A double free vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in process_symbol_table, as demonstrated in readelf, via a crafted file.

Remediation

There is no fixed version for binutils.

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readelf.

Remediation

There is no fixed version for binutils.

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Remediation

There is no fixed version for binutils.

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

low severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

Affected versions of this package are vulnerable to Use After Free. A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

Remediation

There is no fixed version for binutils.

low severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.35.1-7, binutils/binutils-common@2.35.1-7 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* binutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-common@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/binutils-x86-64-linux-gnu@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libbinutils@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf-nobfd0@2.35.1-7
  • Introduced through: buildpack-deps:testing@* binutils/libctf0@2.35.1-7

Overview

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-5, cairo/libcairo-script-interpreter2@1.16.0-5 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* cairo/libcairo-gobject2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo-script-interpreter2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2-dev@1.16.0-5

Overview

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

low severity

NULL Pointer Dereference

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-5, cairo/libcairo-script-interpreter2@1.16.0-5 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* cairo/libcairo-gobject2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo-script-interpreter2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2-dev@1.16.0-5

Overview

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to FT_Load_Glyph and FT_Render_Glyph, resulting in an application crash.

low severity

Out-of-Bounds

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-5, cairo/libcairo-script-interpreter2@1.16.0-5 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* cairo/libcairo-gobject2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo-script-interpreter2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2-dev@1.16.0-5

Overview

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

low severity

Out-of-bounds Read

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-5, cairo/libcairo-script-interpreter2@1.16.0-5 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* cairo/libcairo-gobject2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo-script-interpreter2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2-dev@1.16.0-5

Overview

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

low severity

Reachable Assertion

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.16.0-5, cairo/libcairo-script-interpreter2@1.16.0-5 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* cairo/libcairo-gobject2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo-script-interpreter2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2@1.16.0-5
  • Introduced through: buildpack-deps:testing@* cairo/libcairo2-dev@1.16.0-5

Overview

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

low severity

Improper Input Validation

  • Vulnerable module: coreutils/coreutils
  • Introduced through: coreutils/coreutils@8.32-4+b1

Detailed paths

  • Introduced through: buildpack-deps:testing@* coreutils/coreutils@8.32-4+b1

Overview

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

low severity

Race Condition

  • Vulnerable module: coreutils/coreutils
  • Introduced through: coreutils/coreutils@8.32-4+b1

Detailed paths

  • Introduced through: buildpack-deps:testing@* coreutils/coreutils@8.32-4+b1

Overview

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

low severity

Access Restriction Bypass

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.2.10-1 and expat/libexpat1-dev@2.2.10-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* expat/libexpat1@2.2.10-1
  • Introduced through: buildpack-deps:testing@* expat/libexpat1-dev@2.2.10-1

Overview

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

low severity

Improper Input Validation

  • Vulnerable module: git
  • Introduced through: git@1:2.30.0-1 and git/git-man@1:2.30.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* git@1:2.30.0-1
  • Introduced through: buildpack-deps:testing@* git/git-man@1:2.30.0-1

Overview

Git version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).

low severity

Cryptographic Issues

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.66.6-1, glib2.0/libglib2.0-bin@2.66.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-0@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-bin@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-data@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-dev@2.66.6-1
  • Introduced through: buildpack-deps:testing@* glib2.0/libglib2.0-dev-bin@2.66.6-1

Overview

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

low severity

Access Restriction Bypass

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In the worst case, an attacker may elevate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to the victim and asks them to run ldd on them. ldd executes code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

low severity

CVE-2010-4051

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

low severity

Information Exposure

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

low severity

Out-of-Bounds

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

low severity

Resource Management Errors

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

low severity

Resource Management Errors

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

low severity

Uncontrolled Recursion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

low severity

Uncontrolled Recursion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

low severity

Use of Insufficiently Random Values

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.31-9, glibc/libc-dev-bin@2.31-9 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* glibc/libc-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc-dev-bin@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6@2.31-9
  • Introduced through: buildpack-deps:testing@* glibc/libc6-dev@2.31-9

Overview

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

low severity

Improper Input Validation

  • Vulnerable module: gnutls28/libgnutls30
  • Introduced through: gnutls28/libgnutls30@3.7.0-5

Detailed paths

  • Introduced through: buildpack-deps:testing@* gnutls28/libgnutls30@3.7.0-5

Overview

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

low severity

CVE-2005-0406

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

low severity
new

CVE-2021-20241

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

Affected versions of this package are vulnerable to CVE-2021-20241.

Remediation

There is no fixed version for imagemagick.

low severity
new

CVE-2021-20244

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

Affected versions of this package are vulnerable to CVE-2021-20244.

Remediation

There is no fixed version for imagemagick.

low severity
new

CVE-2021-20245

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

Affected versions of this package are vulnerable to CVE-2021-20245.

Remediation

There is no fixed version for imagemagick.

low severity
new

CVE-2021-20246

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

Affected versions of this package are vulnerable to CVE-2021-20246.

Remediation

There is no fixed version for imagemagick.

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

low severity

Out-of-Bounds

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

low severity

Out-of-bounds Read

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

low severity

Resource Exhaustion

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

low severity

Resource Management Errors

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.9.11.60+dfsg-1, imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* imagemagick@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/imagemagick-6.q16@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-arch-config@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-6-extra@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickcore-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6-headers@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-6@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-6.q16-dev@8:6.9.11.60+dfsg-1
  • Introduced through: buildpack-deps:testing@* imagemagick/libmagickwand-dev@8:6.9.11.60+dfsg-1

Overview

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

low severity

Out-of-Bounds

  • Vulnerable module: jbigkit/libjbig-dev
  • Introduced through: jbigkit/libjbig-dev@2.1-3.1+b2 and jbigkit/libjbig0@2.1-3.1+b2

Detailed paths

  • Introduced through: buildpack-deps:testing@* jbigkit/libjbig-dev@2.1-3.1+b2
  • Introduced through: buildpack-deps:testing@* jbigkit/libjbig0@2.1-3.1+b2

Overview

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

low severity

CVE-2004-0971

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.18.3-4, krb5/libgssapi-krb5-2@1.18.3-4 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* krb5/krb5-multidev@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libgssapi-krb5-2@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libgssrpc4@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libk5crypto3@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkadm5clnt-mit12@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkadm5srv-mit12@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkdb5-10@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5-3@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5-dev@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5support0@1.18.3-4

Overview

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.18.3-4, krb5/libgssapi-krb5-2@1.18.3-4 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* krb5/krb5-multidev@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libgssapi-krb5-2@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libgssrpc4@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libk5crypto3@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkadm5clnt-mit12@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkadm5srv-mit12@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkdb5-10@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5-3@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5-dev@1.18.3-4
  • Introduced through: buildpack-deps:testing@* krb5/libkrb5support0@1.18.3-4

Overview

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

low severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: libgcrypt20
  • Introduced through: libgcrypt20@1.8.7-2

Detailed paths

  • Introduced through: buildpack-deps:testing@* libgcrypt20@1.8.7-2

Overview

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

low severity

Memory Leak

  • Vulnerable module: libpng1.6/libpng-dev
  • Introduced through: libpng1.6/libpng-dev@1.6.37-3 and libpng1.6/libpng16-16@1.6.37-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* libpng1.6/libpng-dev@1.6.37-3
  • Introduced through: buildpack-deps:testing@* libpng1.6/libpng16-16@1.6.37-3

Overview

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

low severity

Integer Overflow or Wraparound

  • Vulnerable module: libwebp/libwebp-dev
  • Introduced through: libwebp/libwebp-dev@0.6.1-2+b1, libwebp/libwebp6@0.6.1-2+b1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* libwebp/libwebp-dev@0.6.1-2+b1
  • Introduced through: buildpack-deps:testing@* libwebp/libwebp6@0.6.1-2+b1
  • Introduced through: buildpack-deps:testing@* libwebp/libwebpdemux2@0.6.1-2+b1
  • Introduced through: buildpack-deps:testing@* libwebp/libwebpmux3@0.6.1-2+b1

Overview

Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.

low severity

Numeric Errors

  • Vulnerable module: libwmf/libwmf-dev
  • Introduced through: libwmf/libwmf-dev@0.2.8.4-17 and libwmf/libwmf0.2-7@0.2.8.4-17

Detailed paths

  • Introduced through: buildpack-deps:testing@* libwmf/libwmf-dev@0.2.8.4-17
  • Introduced through: buildpack-deps:testing@* libwmf/libwmf0.2-7@0.2.8.4-17

Overview

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

low severity

Numeric Errors

  • Vulnerable module: libwmf/libwmf-dev
  • Introduced through: libwmf/libwmf-dev@0.2.8.4-17 and libwmf/libwmf0.2-7@0.2.8.4-17

Detailed paths

  • Introduced through: buildpack-deps:testing@* libwmf/libwmf-dev@0.2.8.4-17
  • Introduced through: buildpack-deps:testing@* libwmf/libwmf0.2-7@0.2.8.4-17

Overview

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

low severity

Out-of-Bounds

  • Vulnerable module: libwmf/libwmf-dev
  • Introduced through: libwmf/libwmf-dev@0.2.8.4-17 and libwmf/libwmf0.2-7@0.2.8.4-17

Detailed paths

  • Introduced through: buildpack-deps:testing@* libwmf/libwmf-dev@0.2.8.4-17
  • Introduced through: buildpack-deps:testing@* libwmf/libwmf0.2-7@0.2.8.4-17

Overview

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

low severity

Resource Management Errors

  • Vulnerable module: libwmf/libwmf-dev
  • Introduced through: libwmf/libwmf-dev@0.2.8.4-17 and libwmf/libwmf0.2-7@0.2.8.4-17

Detailed paths

  • Introduced through: buildpack-deps:testing@* libwmf/libwmf-dev@0.2.8.4-17
  • Introduced through: buildpack-deps:testing@* libwmf/libwmf0.2-7@0.2.8.4-17

low severity

Use of Insufficiently Random Values

  • Vulnerable module: libxslt/libxslt1-dev
  • Introduced through: libxslt/libxslt1-dev@1.1.34-4 and libxslt/libxslt1.1@1.1.34-4

Detailed paths

  • Introduced through: buildpack-deps:testing@* libxslt/libxslt1-dev@1.1.34-4
  • Introduced through: buildpack-deps:testing@* libxslt/libxslt1.1@1.1.34-4

Overview

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

low severity

CVE-2008-1687

  • Vulnerable module: m4
  • Introduced through: m4@1.4.18-5

Detailed paths

  • Introduced through: buildpack-deps:testing@* m4@1.4.18-5

Overview

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

low severity

CVE-2008-1688

  • Vulnerable module: m4
  • Introduced through: m4@1.4.18-5

Detailed paths

  • Introduced through: buildpack-deps:testing@* m4@1.4.18-5

Overview

Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.

low severity

Resource Exhaustion

  • Vulnerable module: openexr/libopenexr-dev
  • Introduced through: openexr/libopenexr-dev@2.5.4-1 and openexr/libopenexr25@2.5.4-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openexr/libopenexr-dev@2.5.4-1
  • Introduced through: buildpack-deps:testing@* openexr/libopenexr25@2.5.4-1

Overview

** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

low severity

Divide By Zero

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

low severity

Improper Input Validation

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

low severity

Integer Overflow or Wraparound

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

low severity

NULL Pointer Dereference

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization (NULL). Impact is Denial of Service.

low severity

Out-of-Bounds

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

low severity

Out-of-Bounds

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.

low severity

Out-of-bounds Write

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

low severity

Out-of-bounds Write

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

low severity

Out-of-bounds Write

  • Vulnerable module: openjpeg2/libopenjp2-7
  • Introduced through: openjpeg2/libopenjp2-7@2.4.0-1 and openjpeg2/libopenjp2-7-dev@2.4.0-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7@2.4.0-1
  • Introduced through: buildpack-deps:testing@* openjpeg2/libopenjp2-7-dev@2.4.0-1

Overview

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

low severity

Cryptographic Issues

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.57+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openldap/libldap-2.4-2@2.4.57+dfsg-1

Overview

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

low severity

Improper Certificate Validation

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.57+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openldap/libldap-2.4-2@2.4.57+dfsg-1

Overview

Affected versions of this package are vulnerable to Improper Certificate Validation. libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

Remediation

There is no fixed version for openldap.

low severity

Improper Initialization

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.57+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openldap/libldap-2.4-2@2.4.57+dfsg-1

Overview

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.

low severity

Out-of-Bounds

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.57+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* openldap/libldap-2.4-2@2.4.57+dfsg-1

Overview

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

low severity

Access Restriction Bypass

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

low severity

CVE-2007-2768

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

low severity

Improper Authentication

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

low severity

Inappropriate Encoding for Output Context

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

low severity

Information Exposure

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

low severity

Information Exposure

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

Affected versions of this package are vulnerable to Information Exposure. The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

Remediation

There is no fixed version for openssh.

low severity

OS Command Injection

  • Vulnerable module: openssh/openssh-client
  • Introduced through: openssh/openssh-client@1:8.4p1-3

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssh/openssh-client@1:8.4p1-3

Overview

Affected versions of this package are vulnerable to OS Command Injection. scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Remediation

There is no fixed version for openssh.

low severity

Cryptographic Issues

  • Vulnerable module: openssl
  • Introduced through: openssl@1.1.1i-3, openssl/libssl-dev@1.1.1i-3 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssl@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl-dev@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl1.1@1.1.1i-3

Overview

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

low severity

Cryptographic Issues

  • Vulnerable module: openssl
  • Introduced through: openssl@1.1.1i-3, openssl/libssl-dev@1.1.1i-3 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* openssl@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl-dev@1.1.1i-3
  • Introduced through: buildpack-deps:testing@* openssl/libssl1.1@1.1.1i-3

Overview

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."

low severity

Directory Traversal

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps:testing@* patch@2.7.6-7

low severity

Double Free

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps:testing@* patch@2.7.6-7

Overview

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

low severity

NULL Pointer Dereference

  • Vulnerable module: patch
  • Introduced through: patch@2.7.6-7

Detailed paths

  • Introduced through: buildpack-deps:testing@* patch@2.7.6-7

Overview

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

low severity

Out-of-Bounds

  • Vulnerable module: pcre3/libpcre16-3
  • Introduced through: pcre3/libpcre16-3@2:8.39-13, pcre3/libpcre3@2:8.39-13 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* pcre3/libpcre16-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3-dev@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre32-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcrecpp0v5@2:8.39-13

Overview

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

References

low severity

Out-of-Bounds

  • Vulnerable module: pcre3/libpcre16-3
  • Introduced through: pcre3/libpcre16-3@2:8.39-13, pcre3/libpcre3@2:8.39-13 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* pcre3/libpcre16-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3-dev@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre32-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcrecpp0v5@2:8.39-13

Overview

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

References

low severity

Out-of-Bounds

  • Vulnerable module: pcre3/libpcre16-3
  • Introduced through: pcre3/libpcre16-3@2:8.39-13, pcre3/libpcre3@2:8.39-13 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* pcre3/libpcre16-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3-dev@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre32-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcrecpp0v5@2:8.39-13

Overview

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

References

low severity

Out-of-bounds Read

  • Vulnerable module: pcre3/libpcre16-3
  • Introduced through: pcre3/libpcre16-3@2:8.39-13, pcre3/libpcre3@2:8.39-13 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* pcre3/libpcre16-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3-dev@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre32-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcrecpp0v5@2:8.39-13

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Remediation

There is no fixed version for pcre3.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: pcre3/libpcre16-3
  • Introduced through: pcre3/libpcre16-3@2:8.39-13, pcre3/libpcre3@2:8.39-13 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* pcre3/libpcre16-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre3-dev@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcre32-3@2:8.39-13
  • Introduced through: buildpack-deps:testing@* pcre3/libpcrecpp0v5@2:8.39-13

Overview

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

References

low severity

Link Following

  • Vulnerable module: perl
  • Introduced through: perl@5.32.1-2, perl/libperl5.32@5.32.1-2 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* perl@5.32.1-2
  • Introduced through: buildpack-deps:testing@* perl/libperl5.32@5.32.1-2
  • Introduced through: buildpack-deps:testing@* perl/perl-base@5.32.1-2
  • Introduced through: buildpack-deps:testing@* perl/perl-modules-5.32@5.32.1-2

Overview

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

References

low severity
new

CVE-2021-3393

  • Vulnerable module: postgresql-13/libpq-dev
  • Introduced through: postgresql-13/libpq-dev@13.1-1+b1 and postgresql-13/libpq5@13.1-1+b1
  • Fixed in: 13.2-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* postgresql-13/libpq-dev@13.1-1+b1
  • Introduced through: buildpack-deps:testing@* postgresql-13/libpq5@13.1-1+b1

Overview

Affected versions of this package are vulnerable to CVE-2021-3393.

Remediation

Upgrade postgresql-13 to version or higher.

References

low severity

CVE-2020-27619

  • Vulnerable module: python3.9
  • Introduced through: python3.9@3.9.1-4, python3.9/libpython3.9-minimal@3.9.1-4 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* python3.9@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/libpython3.9-minimal@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/libpython3.9-stdlib@3.9.1-4
  • Introduced through: buildpack-deps:testing@* python3.9/python3.9-minimal@3.9.1-4

Overview

Affected versions of this package are vulnerable to CVE-2020-27619. In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Remediation

There is no fixed version for python3.9.

References

low severity

Access Restriction Bypass

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.8.1-1 and shadow/passwd@1:4.8.1-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* shadow/login@1:4.8.1-1
  • Introduced through: buildpack-deps:testing@* shadow/passwd@1:4.8.1-1

Overview

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

References

low severity

Incorrect Permission Assignment for Critical Resource

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.8.1-1 and shadow/passwd@1:4.8.1-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* shadow/login@1:4.8.1-1
  • Introduced through: buildpack-deps:testing@* shadow/passwd@1:4.8.1-1

Overview

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

References

low severity

Time-of-check Time-of-use (TOCTOU)

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.8.1-1 and shadow/passwd@1:4.8.1-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* shadow/login@1:4.8.1-1
  • Introduced through: buildpack-deps:testing@* shadow/passwd@1:4.8.1-1

Overview

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

References

low severity
new

CVE-2020-17525

  • Vulnerable module: subversion/libsvn1
  • Introduced through: subversion/libsvn1@1.14.0-3+b2 and subversion/subversion@1.14.0-3+b2
  • Fixed in: 1.14.1-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* subversion/libsvn1@1.14.0-3+b2
  • Introduced through: buildpack-deps:testing@* subversion/subversion@1.14.0-3+b2

Overview

Affected versions of this package are vulnerable to CVE-2020-17525.

Remediation

Upgrade subversion to version or higher.

References

low severity

CVE-2019-9619

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@247.3-1 and systemd/libudev1@247.3-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* systemd/libsystemd0@247.3-1
  • Introduced through: buildpack-deps:testing@* systemd/libudev1@247.3-1

Overview

CVE-2019-9619

References

low severity

Link Following

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@247.3-1 and systemd/libudev1@247.3-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* systemd/libsystemd0@247.3-1
  • Introduced through: buildpack-deps:testing@* systemd/libudev1@247.3-1

Overview

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

References

low severity

CVE-2005-2541

  • Vulnerable module: tar
  • Introduced through: tar@1.32+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* tar@1.32+dfsg-1

Overview

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

This is considered intended behaviour, as tar is an archiving tool and one needs to give -p as a command line flag.

References

low severity

CVE-2021-20193

  • Vulnerable module: tar
  • Introduced through: tar@1.32+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* tar@1.32+dfsg-1

Overview

Affected versions of this package are vulnerable to CVE-2021-20193.

Remediation

There is no fixed version for tar.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: tar
  • Introduced through: tar@1.32+dfsg-1

Detailed paths

  • Introduced through: buildpack-deps:testing@* tar@1.32+dfsg-1

Overview

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

low severity

Divide By Zero

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.

References

low severity

Out-of-bounds Read

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

References

low severity

Out-of-bounds Read

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

References

low severity

Use After Free

  • Vulnerable module: tiff/libtiff-dev
  • Introduced through: tiff/libtiff-dev@4.2.0-1, tiff/libtiff5@4.2.0-1 and others

Detailed paths

  • Introduced through: buildpack-deps:testing@* tiff/libtiff-dev@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiff5@4.2.0-1
  • Introduced through: buildpack-deps:testing@* tiff/libtiffxx5@4.2.0-1

Overview

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

References