Docker buildpack-deps:xenial

Vulnerabilities

300 via 730 paths

Dependencies

409

Source

Group 6 Copy Created with Sketch. Docker

Target OS

ubuntu:16.04
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 1
  • 33
  • 266
Status
  • 300
  • 0
  • 0

high severity

CVE-2020-14151

  • Vulnerable module: libjpeg-turbo/libjpeg-turbo8
  • Introduced through: libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4 and libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4
  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Overview

Affected versions of this package are vulnerable to CVE-2020-14151. In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cjpeg mishandles EOF.

Remediation

There is no fixed version for libjpeg-turbo.

References

medium severity

Security Features

  • Vulnerable module: apparmor/libapparmor1
  • Introduced through: apparmor/libapparmor1@2.10.95-0ubuntu2.11

Detailed paths

  • Introduced through: buildpack-deps:xenial@* apparmor/libapparmor1@2.10.95-0ubuntu2.11

Overview

In all versions of AppArmor mount rules are accidentally widened when compiled.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

References

medium severity

Information Exposure

  • Vulnerable module: gcc-5
  • Introduced through: gcc-5@5.4.0-6ubuntu1~16.04.12, gcc-5/cpp-5@5.4.0-6ubuntu1~16.04.12 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gcc-5@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/cpp-5@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/g++-5@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/gcc-5-base@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libasan2@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libatomic1@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libcc1-0@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libcilkrts5@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libgcc-5-dev@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libgomp1@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libitm1@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/liblsan0@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libmpx0@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libquadmath0@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libstdc++-5-dev@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libstdc++6@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libtsan0@5.4.0-6ubuntu1~16.04.12
  • Introduced through: buildpack-deps:xenial@* gcc-5/libubsan0@5.4.0-6ubuntu1~16.04.12

Overview

Affected versions of this package are vulnerable to Information Exposure. Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for gcc-5.

References

medium severity

Information Exposure

  • Vulnerable module: gcc-defaults/cpp
  • Introduced through: gcc-defaults/cpp@4:5.3.1-1ubuntu1, gcc-defaults/g++@4:5.3.1-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gcc-defaults/cpp@4:5.3.1-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* gcc-defaults/g++@4:5.3.1-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* gcc-defaults/gcc@4:5.3.1-1ubuntu1

Overview

Affected versions of this package are vulnerable to Information Exposure. Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for gcc-defaults.

References

medium severity

Information Exposure

  • Vulnerable module: gccgo-6/gcc-6-base
  • Introduced through: gccgo-6/gcc-6-base@6.0.1-0ubuntu1 and gccgo-6/libgcc1@1:6.0.1-0ubuntu1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gccgo-6/gcc-6-base@6.0.1-0ubuntu1
  • Introduced through: buildpack-deps:xenial@* gccgo-6/libgcc1@1:6.0.1-0ubuntu1

Overview

Affected versions of this package are vulnerable to Information Exposure. Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for gccgo-6.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.8.9.9-7ubuntu5.16, imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* imagemagick@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-common@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-arch-config@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2-extra@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-dev@8:6.8.9.9-7ubuntu5.16

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

Remediation

There is no fixed version for imagemagick.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.8.9.9-7ubuntu5.16, imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* imagemagick@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-common@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-arch-config@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2-extra@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-dev@8:6.8.9.9-7ubuntu5.16

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

Remediation

There is no fixed version for imagemagick.

References

medium severity

Reachable Assertion

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2, krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssrpc4@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libk5crypto3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5clnt-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5srv-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkdb5-8@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-dev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5support0@1.13.2+dfsg-5ubuntu2.2

Overview

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libexif/libexif-dev
  • Introduced through: libexif/libexif-dev@0.6.21-2ubuntu0.6 and libexif/libexif12@0.6.21-2ubuntu0.6

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libexif/libexif-dev@0.6.21-2ubuntu0.6
  • Introduced through: buildpack-deps:xenial@* libexif/libexif12@0.6.21-2ubuntu0.6

Overview

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libmaxminddb/libmaxminddb-dev
  • Introduced through: libmaxminddb/libmaxminddb-dev@1.0.4-2.1 and libmaxminddb/libmaxminddb0@1.0.4-2.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libmaxminddb/libmaxminddb-dev@1.0.4-2.1
  • Introduced through: buildpack-deps:xenial@* libmaxminddb/libmaxminddb0@1.0.4-2.1

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

Remediation

There is no fixed version for libmaxminddb.

References

medium severity

Link Following

  • Vulnerable module: mercurial
  • Introduced through: mercurial@3.7.3-1ubuntu1.2 and mercurial/mercurial-common@3.7.3-1ubuntu1.2

Detailed paths

  • Introduced through: buildpack-deps:xenial@* mercurial@3.7.3-1ubuntu1.2
  • Introduced through: buildpack-deps:xenial@* mercurial/mercurial-common@3.7.3-1ubuntu1.2

Overview

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: mercurial
  • Introduced through: mercurial@3.7.3-1ubuntu1.2 and mercurial/mercurial-common@3.7.3-1ubuntu1.2

Detailed paths

  • Introduced through: buildpack-deps:xenial@* mercurial@3.7.3-1ubuntu1.2
  • Introduced through: buildpack-deps:xenial@* mercurial/mercurial-common@3.7.3-1ubuntu1.2

Overview

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

References

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion'). A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

CVE-2020-36226

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to CVE-2020-36226. A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Double Free

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Double Free. A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Integer Underflow

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Integer Underflow. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Integer Underflow

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Integer Underflow. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

Remediation

Upgrade openldap to version or higher.

References

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Loop with Unreachable Exit Condition ('Infinite Loop'). A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

Remediation

Upgrade openldap to version or higher.

References

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Reachable Assertion. A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Reachable Assertion. A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity
new

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.13

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Reachable Assertion. In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Remediation

Upgrade openldap to version or higher.

References

medium severity

Release of Invalid Pointer or Reference

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11
  • Fixed in: 2.4.42+dfsg-2ubuntu3.12

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openldap/libldap-2.4-2@2.4.42+dfsg-2ubuntu3.11

Overview

Affected versions of this package are vulnerable to Release of Invalid Pointer or Reference. A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

medium severity
new

Integer Overflow or Wraparound

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.2g-1ubuntu4.18, openssl/libssl-dev@1.0.2g-1ubuntu4.18 and others
  • Fixed in: 1.0.2g-1ubuntu4.19

Detailed paths

  • Introduced through: buildpack-deps:xenial@* openssl@1.0.2g-1ubuntu4.18
  • Introduced through: buildpack-deps:xenial@* openssl/libssl-dev@1.0.2g-1ubuntu4.18
  • Introduced through: buildpack-deps:xenial@* openssl/libssl1.0.0@1.0.2g-1ubuntu4.18

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade openssl to version or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: python2.7
  • Introduced through: python2.7@2.7.12-1ubuntu0~16.04.13, python2.7/libpython2.7-minimal@2.7.12-1ubuntu0~16.04.13 and others
  • Fixed in: 2.7.12-1ubuntu0~16.04.18

Detailed paths

  • Introduced through: buildpack-deps:xenial@* python2.7@2.7.12-1ubuntu0~16.04.13
  • Introduced through: buildpack-deps:xenial@* python2.7/libpython2.7-minimal@2.7.12-1ubuntu0~16.04.13
  • Introduced through: buildpack-deps:xenial@* python2.7/libpython2.7-stdlib@2.7.12-1ubuntu0~16.04.13
  • Introduced through: buildpack-deps:xenial@* python2.7/python2.7-minimal@2.7.12-1ubuntu0~16.04.13

Overview

Affected versions of this package are vulnerable to Buffer Overflow. Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

Upgrade python2.7 to version or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.11.0-1ubuntu1.5 and sqlite3/libsqlite3-dev@3.11.0-1ubuntu1.5

Detailed paths

  • Introduced through: buildpack-deps:xenial@* sqlite3/libsqlite3-0@3.11.0-1ubuntu1.5
  • Introduced through: buildpack-deps:xenial@* sqlite3/libsqlite3-dev@3.11.0-1ubuntu1.5

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Remediation

There is no fixed version for sqlite3.

References

medium severity
new

CVE-2020-17525

  • Vulnerable module: subversion
  • Introduced through: subversion@1.9.3-2ubuntu1.3 and subversion/libsvn1@1.9.3-2ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* subversion@1.9.3-2ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* subversion/libsvn1@1.9.3-2ubuntu1.3

Overview

Affected versions of this package are vulnerable to CVE-2020-17525. Remote unauthenticated denial-of-service in Subversion mod_authz_svn Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service.

Remediation

There is no fixed version for subversion.

References

medium severity

Information Exposure

  • Vulnerable module: systemd
  • Introduced through: systemd@229-4ubuntu21.29, systemd/libsystemd0@229-4ubuntu21.29 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* systemd@229-4ubuntu21.29
  • Introduced through: buildpack-deps:xenial@* systemd/libsystemd0@229-4ubuntu21.29
  • Introduced through: buildpack-deps:xenial@* systemd/libudev1@229-4ubuntu21.29
  • Introduced through: buildpack-deps:xenial@* systemd/systemd-sysv@229-4ubuntu21.29

Overview

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

References

medium severity
new

CVE-2020-35523

  • Vulnerable module: tiff/libtiff5
  • Introduced through: tiff/libtiff5@4.0.6-1ubuntu0.7, tiff/libtiff5-dev@4.0.6-1ubuntu0.7 and others
  • Fixed in: 4.0.6-1ubuntu0.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5-dev@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiffxx5@4.0.6-1ubuntu0.7

Overview

Affected versions of this package are vulnerable to CVE-2020-35523. Integer overflow in tif_getimage.c

Remediation

Upgrade tiff to version or higher.

References

medium severity
new

CVE-2020-35524

  • Vulnerable module: tiff/libtiff5
  • Introduced through: tiff/libtiff5@4.0.6-1ubuntu0.7, tiff/libtiff5-dev@4.0.6-1ubuntu0.7 and others
  • Fixed in: 4.0.6-1ubuntu0.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5-dev@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiffxx5@4.0.6-1ubuntu0.7

Overview

Affected versions of this package are vulnerable to CVE-2020-35524. Heap-based buffer overflow in TIFF2PDF tool

Remediation

Upgrade tiff to version or higher.

References

medium severity

Use After Free

  • Vulnerable module: tiff/libtiff5
  • Introduced through: tiff/libtiff5@4.0.6-1ubuntu0.7, tiff/libtiff5-dev@4.0.6-1ubuntu0.7 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiff5-dev@4.0.6-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* tiff/libtiffxx5@4.0.6-1ubuntu0.7

Overview

** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.

References

low severity

Out-of-bounds Read

  • Vulnerable module: apr-util/libaprutil1
  • Introduced through: apr-util/libaprutil1@1.5.4-1build1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* apr-util/libaprutil1@1.5.4-1build1

Overview

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

References

low severity

Out-of-bounds Read

  • Vulnerable module: apr/libapr1
  • Introduced through: apr/libapr1@1.5.2-3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* apr/libapr1@1.5.2-3

Overview

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.

References

low severity
new

Link Following

  • Vulnerable module: avahi/libavahi-client3
  • Introduced through: avahi/libavahi-client3@0.6.32~rc+dfsg-1ubuntu2.3, avahi/libavahi-common-data@0.6.32~rc+dfsg-1ubuntu2.3 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* avahi/libavahi-client3@0.6.32~rc+dfsg-1ubuntu2.3
  • Introduced through: buildpack-deps:xenial@* avahi/libavahi-common-data@0.6.32~rc+dfsg-1ubuntu2.3
  • Introduced through: buildpack-deps:xenial@* avahi/libavahi-common3@0.6.32~rc+dfsg-1ubuntu2.3

Overview

Affected versions of this package are vulnerable to Link Following avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

Remediation

There is no fixed version for avahi.

References

low severity

Improper Check for Dropped Privileges

  • Vulnerable module: bash
  • Introduced through: bash@4.3-14ubuntu1.4

Detailed paths

  • Introduced through: buildpack-deps:xenial@* bash@4.3-14ubuntu1.4

Overview

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

References

low severity

Divide By Zero

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

Remediation

There is no fixed version for binutils.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.

References

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

References

low severity

Incorrect Type Conversion or Cast

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in malloc() with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Remediation

There is no fixed version for binutils.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

References

low severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

References

low severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

References

low severity

Resource Exhaustion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.

References

low severity

Resource Exhaustion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.

References

low severity

Resource Management Errors

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

References

low severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

References

low severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

References

low severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.26.1-1ubuntu1~16.04.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* binutils@2.26.1-1ubuntu1~16.04.8

Overview

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

References

low severity

Out-of-Bounds

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

References

low severity

Out-of-bounds Read

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

References

low severity

Reachable Assertion

  • Vulnerable module: cairo/libcairo-gobject2
  • Introduced through: cairo/libcairo-gobject2@1.14.6-1, cairo/libcairo-script-interpreter2@1.14.6-1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-gobject2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo-script-interpreter2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2@1.14.6-1
  • Introduced through: buildpack-deps:xenial@* cairo/libcairo2-dev@1.14.6-1

Overview

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

References

low severity

Improper Input Validation

  • Vulnerable module: coreutils
  • Introduced through: coreutils@8.25-2ubuntu3~16.04

Detailed paths

  • Introduced through: buildpack-deps:xenial@* coreutils@8.25-2ubuntu3~16.04

Overview

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

References

low severity

Improper Authentication

  • Vulnerable module: cryptsetup/libcryptsetup4
  • Introduced through: cryptsetup/libcryptsetup4@2:1.6.6-5ubuntu2.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cryptsetup/libcryptsetup4@2:1.6.6-5ubuntu2.1

Overview

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

References

low severity

Buffer Overflow

  • Vulnerable module: cups/libcups2
  • Introduced through: cups/libcups2@2.1.3-4ubuntu0.11

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cups/libcups2@2.1.3-4ubuntu0.11

Overview

Affected versions of this package are vulnerable to Buffer Overflow. A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.

Remediation

There is no fixed version for cups.

References

low severity
new

CVE-2020-10001

  • Vulnerable module: cups/libcups2
  • Introduced through: cups/libcups2@2.1.3-4ubuntu0.11

Detailed paths

  • Introduced through: buildpack-deps:xenial@* cups/libcups2@2.1.3-4ubuntu0.11

Overview

Affected versions of this package are vulnerable to CVE-2020-10001 buffer (read) overflow in the ippReadIO function

Remediation

There is no fixed version for cups.

References

low severity

Improper Input Validation

  • Vulnerable module: curl
  • Introduced through: curl@7.47.0-1ubuntu2.18, curl/libcurl3@7.47.0-1ubuntu2.18 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* curl@7.47.0-1ubuntu2.18
  • Introduced through: buildpack-deps:xenial@* curl/libcurl3@7.47.0-1ubuntu2.18
  • Introduced through: buildpack-deps:xenial@* curl/libcurl3-gnutls@7.47.0-1ubuntu2.18
  • Introduced through: buildpack-deps:xenial@* curl/libcurl4-openssl-dev@7.47.0-1ubuntu2.18

Overview

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

References

low severity

Directory Traversal

  • Vulnerable module: dpkg
  • Introduced through: dpkg@1.18.4ubuntu1.6, dpkg/dpkg-dev@1.18.4ubuntu1.6 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* dpkg@1.18.4ubuntu1.6
  • Introduced through: buildpack-deps:xenial@* dpkg/dpkg-dev@1.18.4ubuntu1.6
  • Introduced through: buildpack-deps:xenial@* dpkg/libdpkg-perl@1.18.4ubuntu1.6

Overview

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

References

low severity

Improper Input Validation

  • Vulnerable module: git
  • Introduced through: git@1:2.7.4-0ubuntu1.9 and git/git-man@1:2.7.4-0ubuntu1.9

Detailed paths

  • Introduced through: buildpack-deps:xenial@* git@1:2.7.4-0ubuntu1.9
  • Introduced through: buildpack-deps:xenial@* git/git-man@1:2.7.4-0ubuntu1.9

Overview

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

References

low severity

Cryptographic Issues

  • Vulnerable module: glib2.0/libglib2.0-0
  • Introduced through: glib2.0/libglib2.0-0@2.48.2-0ubuntu4.6, glib2.0/libglib2.0-bin@2.48.2-0ubuntu4.6 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glib2.0/libglib2.0-0@2.48.2-0ubuntu4.6
  • Introduced through: buildpack-deps:xenial@* glib2.0/libglib2.0-bin@2.48.2-0ubuntu4.6
  • Introduced through: buildpack-deps:xenial@* glib2.0/libglib2.0-data@2.48.2-0ubuntu4.6
  • Introduced through: buildpack-deps:xenial@* glib2.0/libglib2.0-dev@2.48.2-0ubuntu4.6

Overview

** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.

References

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

References

low severity

CVE-2020-27618

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

Affected versions of this package are vulnerable to CVE-2020-27618. The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

Remediation

There is no fixed version for glibc.

References

low severity

Improper Data Handling

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

References

low severity

Improper Data Handling

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

References

low severity

Improper Input Validation

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

References

low severity

Improper Input Validation

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.

References

low severity

Integer Underflow

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

Affected versions of this package are vulnerable to Integer Underflow. An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Remediation

There is no fixed version for glibc.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

low severity

Out-of-Bounds

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

References

low severity

Out-of-bounds Read

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

Remediation

There is no fixed version for glibc.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.23-0ubuntu11.2, glibc/libc-dev-bin@2.23-0ubuntu11.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* glibc/libc-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc-dev-bin@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/libc6-dev@2.23-0ubuntu11.2
  • Introduced through: buildpack-deps:xenial@* glibc/multiarch-support@2.23-0ubuntu11.2

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

References

low severity

Improper Validation of Certificate with Host Mismatch

  • Vulnerable module: gnupg
  • Introduced through: gnupg@1.4.20-1ubuntu3.3 and gnupg/gpgv@1.4.20-1ubuntu3.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gnupg@1.4.20-1ubuntu3.3
  • Introduced through: buildpack-deps:xenial@* gnupg/gpgv@1.4.20-1ubuntu3.3

Overview

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

References

low severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: gnupg
  • Introduced through: gnupg@1.4.20-1ubuntu3.3 and gnupg/gpgv@1.4.20-1ubuntu3.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gnupg@1.4.20-1ubuntu3.3
  • Introduced through: buildpack-deps:xenial@* gnupg/gpgv@1.4.20-1ubuntu3.3

Overview

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

References

low severity

Information Exposure

  • Vulnerable module: gnutls28/libgnutls30
  • Introduced through: gnutls28/libgnutls30@3.4.10-4ubuntu1.8

Detailed paths

  • Introduced through: buildpack-deps:xenial@* gnutls28/libgnutls30@3.4.10-4ubuntu1.8

Overview

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: graphite2/libgraphite2-3
  • Introduced through: graphite2/libgraphite2-3@1.3.10-0ubuntu0.16.04.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* graphite2/libgraphite2-3@1.3.10-0ubuntu0.16.04.1

Overview

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: graphviz/libcdt5
  • Introduced through: graphviz/libcdt5@2.38.0-12ubuntu2.1, graphviz/libcgraph6@2.38.0-12ubuntu2.1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* graphviz/libcdt5@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libcgraph6@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libgraphviz-dev@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libgvc6@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libgvc6-plugins-gtk@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libgvpr2@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libpathplan4@2.38.0-12ubuntu2.1
  • Introduced through: buildpack-deps:xenial@* graphviz/libxdot4@2.38.0-12ubuntu2.1

Overview

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: harfbuzz/libharfbuzz0b
  • Introduced through: harfbuzz/libharfbuzz0b@1.0.1-1ubuntu0.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* harfbuzz/libharfbuzz0b@1.0.1-1ubuntu0.1

Overview

HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.

References

low severity

Improper Certificate Validation

  • Vulnerable module: heimdal/libasn1-8-heimdal
  • Introduced through: heimdal/libasn1-8-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1, heimdal/libgssapi3-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* heimdal/libasn1-8-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libgssapi3-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libhcrypto4-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libheimbase1-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libheimntlm0-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libhx509-5-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libkrb5-26-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libroken18-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libwind0-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1

Overview

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

References

low severity

Key Management Errors

  • Vulnerable module: heimdal/libasn1-8-heimdal
  • Introduced through: heimdal/libasn1-8-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1, heimdal/libgssapi3-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* heimdal/libasn1-8-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libgssapi3-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libhcrypto4-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libheimbase1-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libheimntlm0-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libhx509-5-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libkrb5-26-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libroken18-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1
  • Introduced through: buildpack-deps:xenial@* heimdal/libwind0-heimdal@1.7~git20150920+dfsg-4ubuntu1.16.04.1

Overview

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

References

low severity

Improper Input Validation

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.8.9.9-7ubuntu5.16, imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* imagemagick@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-common@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-arch-config@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2-extra@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-dev@8:6.8.9.9-7ubuntu5.16

Overview

In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.8.9.9-7ubuntu5.16, imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* imagemagick@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-common@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-arch-config@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2-extra@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-dev@8:6.8.9.9-7ubuntu5.16

Overview

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.

References

low severity

Use After Free

  • Vulnerable module: imagemagick
  • Introduced through: imagemagick@8:6.8.9.9-7ubuntu5.16, imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* imagemagick@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-6.q16@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/imagemagick-common@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-arch-config@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-2-extra@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickcore-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6-headers@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-2@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-6.q16-dev@8:6.8.9.9-7ubuntu5.16
  • Introduced through: buildpack-deps:xenial@* imagemagick/libmagickwand-dev@8:6.8.9.9-7ubuntu5.16

Overview

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

References

low severity

CVE-2017-13753

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9396. Reason: This candidate is a duplicate of CVE-2016-9396. Notes: All CVE users should reference CVE-2016-9396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

References

low severity

Missing Release of Resource after Effective Lifetime

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.

References

low severity

Out-of-Bounds

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

References

low severity

Out-of-Bounds

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.

References

low severity

Out-of-bounds Read

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.

References

low severity

Out-of-bounds Read

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.

References

low severity

Out-of-bounds Read

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.

References

low severity

Out-of-bounds Read

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

References

low severity

Out-of-bounds Read

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.

References

low severity

Out-of-bounds Write

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

References

low severity

Reachable Assertion

  • Vulnerable module: jasper/libjasper-dev
  • Introduced through: jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3 and jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jasper/libjasper-dev@1.900.1-debian1-2.4ubuntu1.3
  • Introduced through: buildpack-deps:xenial@* jasper/libjasper1@1.900.1-debian1-2.4ubuntu1.3

Overview

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

References

low severity

Out-of-Bounds

  • Vulnerable module: jbigkit/libjbig-dev
  • Introduced through: jbigkit/libjbig-dev@2.1-3.1 and jbigkit/libjbig0@2.1-3.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jbigkit/libjbig-dev@2.1-3.1
  • Introduced through: buildpack-deps:xenial@* jbigkit/libjbig0@2.1-3.1

Overview

In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.

References

low severity

Cross-site Scripting (XSS)

  • Vulnerable module: jquery/libjs-jquery
  • Introduced through: jquery/libjs-jquery@1.11.3+dfsg-4

Detailed paths

  • Introduced through: buildpack-deps:xenial@* jquery/libjs-jquery@1.11.3+dfsg-4

low severity

Cross-site Scripting (XSS)

low severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2, krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssrpc4@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libk5crypto3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5clnt-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5srv-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkdb5-8@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-dev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5support0@1.13.2+dfsg-5ubuntu2.2

Overview

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2, krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssrpc4@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libk5crypto3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5clnt-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5srv-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkdb5-8@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-dev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5support0@1.13.2+dfsg-5ubuntu2.2

Overview

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

References

low severity

Out-of-Bounds

  • Vulnerable module: krb5/krb5-multidev
  • Introduced through: krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2, krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* krb5/krb5-multidev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssapi-krb5-2@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libgssrpc4@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libk5crypto3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5clnt-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkadm5srv-mit9@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkdb5-8@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-3@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5-dev@1.13.2+dfsg-5ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* krb5/libkrb5support0@1.13.2+dfsg-5ubuntu2.2

Overview

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: libcroco/libcroco3
  • Introduced through: libcroco/libcroco3@0.6.11-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libcroco/libcroco3@0.6.11-1

Overview

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

References

low severity

Out-of-Bounds

  • Vulnerable module: libcroco/libcroco3
  • Introduced through: libcroco/libcroco3@0.6.11-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libcroco/libcroco3@0.6.11-1

Overview

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libcroco/libcroco3
  • Introduced through: libcroco/libcroco3@0.6.11-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libcroco/libcroco3@0.6.11-1

Overview

The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.

References

low severity

Insufficient Entropy

  • Vulnerable module: libice/libice-dev
  • Introduced through: libice/libice-dev@2:1.0.9-1 and libice/libice6@2:1.0.9-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libice/libice-dev@2:1.0.9-1
  • Introduced through: buildpack-deps:xenial@* libice/libice6@2:1.0.9-1

Overview

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

References

low severity

Excessive Iteration

  • Vulnerable module: libjpeg-turbo/libjpeg-turbo8
  • Introduced through: libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4 and libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4
  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Overview

Affected versions of this package are vulnerable to Excessive Iteration libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

Remediation

There is no fixed version for libjpeg-turbo.

References

low severity

Resource Exhaustion

  • Vulnerable module: libjpeg-turbo/libjpeg-turbo8
  • Introduced through: libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4 and libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8@1.4.2-0ubuntu3.4
  • Introduced through: buildpack-deps:xenial@* libjpeg-turbo/libjpeg-turbo8-dev@1.4.2-0ubuntu3.4

Overview

Affected versions of this package are vulnerable to Resource Exhaustion. In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

Remediation

There is no fixed version for libjpeg-turbo.

References

low severity

Memory Leak

  • Vulnerable module: libpng/libpng12-0
  • Introduced through: libpng/libpng12-0@1.2.54-1ubuntu1.1 and libpng/libpng12-dev@1.2.54-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libpng/libpng12-0@1.2.54-1ubuntu1.1
  • Introduced through: buildpack-deps:xenial@* libpng/libpng12-dev@1.2.54-1ubuntu1.1

Overview

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

References

low severity

Resource Management Errors

  • Vulnerable module: libpng/libpng12-0
  • Introduced through: libpng/libpng12-0@1.2.54-1ubuntu1.1 and libpng/libpng12-dev@1.2.54-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libpng/libpng12-0@1.2.54-1ubuntu1.1
  • Introduced through: buildpack-deps:xenial@* libpng/libpng12-dev@1.2.54-1ubuntu1.1

Overview

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

References

low severity

Resource Exhaustion

  • Vulnerable module: librsvg/gir1.2-rsvg-2.0
  • Introduced through: librsvg/gir1.2-rsvg-2.0@2.40.13-3ubuntu0.2, librsvg/librsvg2-2@2.40.13-3ubuntu0.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* librsvg/gir1.2-rsvg-2.0@2.40.13-3ubuntu0.2
  • Introduced through: buildpack-deps:xenial@* librsvg/librsvg2-2@2.40.13-3ubuntu0.2
  • Introduced through: buildpack-deps:xenial@* librsvg/librsvg2-common@2.40.13-3ubuntu0.2
  • Introduced through: buildpack-deps:xenial@* librsvg/librsvg2-dev@2.40.13-3ubuntu0.2

Overview

Affected versions of this package are vulnerable to Resource Exhaustion. In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Remediation

There is no fixed version for librsvg.

References

low severity

Resource Management Errors

  • Vulnerable module: libtasn1-6
  • Introduced through: libtasn1-6@4.7-3ubuntu0.16.04.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libtasn1-6@4.7-3ubuntu0.16.04.3

Overview

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libvpx/libvpx3
  • Introduced through: libvpx/libvpx3@1.5.0-2ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libvpx/libvpx3@1.5.0-2ubuntu1.1

Overview

In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770

References

low severity

Out-of-Bounds

  • Vulnerable module: libwmf/libwmf-dev
  • Introduced through: libwmf/libwmf-dev@0.2.8.4-10.5ubuntu1 and libwmf/libwmf0.2-7@0.2.8.4-10.5ubuntu1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libwmf/libwmf-dev@0.2.8.4-10.5ubuntu1
  • Introduced through: buildpack-deps:xenial@* libwmf/libwmf0.2-7@0.2.8.4-10.5ubuntu1

Overview

The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.

References

low severity

CVE-2020-25697

  • Vulnerable module: libx11/libx11-6
  • Introduced through: libx11/libx11-6@2:1.6.3-1ubuntu2.2, libx11/libx11-data@2:1.6.3-1ubuntu2.2 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libx11/libx11-6@2:1.6.3-1ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* libx11/libx11-data@2:1.6.3-1ubuntu2.2
  • Introduced through: buildpack-deps:xenial@* libx11/libx11-dev@2:1.6.3-1ubuntu2.2

Overview

Affected versions of this package are vulnerable to CVE-2020-25697. A privilege escalation flaw was found due to lack of authentication for X11 clients. An attacker could use this flaw to take control of an X application by impersonating the server it is expecting to connect to.

Remediation

There is no fixed version for libx11.

References

low severity

Key Management Errors

  • Vulnerable module: libxdmcp/libxdmcp-dev
  • Introduced through: libxdmcp/libxdmcp-dev@1:1.1.2-1.1 and libxdmcp/libxdmcp6@1:1.1.2-1.1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxdmcp/libxdmcp-dev@1:1.1.2-1.1
  • Introduced through: buildpack-deps:xenial@* libxdmcp/libxdmcp6@1:1.1.2-1.1

Overview

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

References

low severity

Access Restriction Bypass

  • Vulnerable module: libxfixes/libxfixes3
  • Introduced through: libxfixes/libxfixes3@1:5.0.1-2

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxfixes/libxfixes3@1:5.0.1-2

Overview

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.

References

low severity

Improper Access Control

  • Vulnerable module: libxi/libxi6
  • Introduced through: libxi/libxi6@2:1.7.6-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxi/libxi6@2:1.7.6-1

low severity

Out-of-bounds Read

  • Vulnerable module: libxi/libxi6
  • Introduced through: libxi/libxi6@2:1.7.6-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxi/libxi6@2:1.7.6-1

low severity

Improper Resource Shutdown or Release

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.3+dfsg1-1ubuntu0.7 and libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxml2@2.9.3+dfsg1-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Overview

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

Remediation

There is no fixed version for libxml2.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.3+dfsg1-1ubuntu0.7 and libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxml2@2.9.3+dfsg1-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Overview

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

References

low severity

Out-of-bounds Read

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.3+dfsg1-1ubuntu0.7 and libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxml2@2.9.3+dfsg1-1ubuntu0.7
  • Introduced through: buildpack-deps:xenial@* libxml2/libxml2-dev@2.9.3+dfsg1-1ubuntu0.7

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Remediation

There is no fixed version for libxml2.

References

low severity

Out-of-bounds Write

  • Vulnerable module: libxrandr/libxrandr2
  • Introduced through: libxrandr/libxrandr2@2:1.5.0-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxrandr/libxrandr2@2:1.5.0-1

low severity

Out-of-bounds Write

  • Vulnerable module: libxrandr/libxrandr2
  • Introduced through: libxrandr/libxrandr2@2:1.5.0-1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxrandr/libxrandr2@2:1.5.0-1

low severity

Improper Input Validation

  • Vulnerable module: libxrender/libxrender-dev
  • Introduced through: libxrender/libxrender-dev@1:0.9.9-0ubuntu1 and libxrender/libxrender1@1:0.9.9-0ubuntu1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxrender/libxrender-dev@1:0.9.9-0ubuntu1
  • Introduced through: buildpack-deps:xenial@* libxrender/libxrender1@1:0.9.9-0ubuntu1

Overview

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

References

low severity

Out-of-bounds Write

  • Vulnerable module: libxrender/libxrender-dev
  • Introduced through: libxrender/libxrender-dev@1:0.9.9-0ubuntu1 and libxrender/libxrender1@1:0.9.9-0ubuntu1

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxrender/libxrender-dev@1:0.9.9-0ubuntu1
  • Introduced through: buildpack-deps:xenial@* libxrender/libxrender1@1:0.9.9-0ubuntu1

low severity

Use of Insufficiently Random Values

  • Vulnerable module: libxslt/libxslt1-dev
  • Introduced through: libxslt/libxslt1-dev@1.1.28-2.1ubuntu0.3 and libxslt/libxslt1.1@1.1.28-2.1ubuntu0.3

Detailed paths

  • Introduced through: buildpack-deps:xenial@* libxslt/libxslt1-dev@1.1.28-2.1ubuntu0.3
  • Introduced through: buildpack-deps:xenial@* libxslt/libxslt1.1@1.1.28-2.1ubuntu0.3

Overview

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

References

low severity

Buffer Overflow

  • Vulnerable module: lz4/liblz4-1
  • Introduced through: lz4/liblz4-1@0.0~r131-2ubuntu2

Detailed paths

  • Introduced through: buildpack-deps:xenial@* lz4/liblz4-1@0.0~r131-2ubuntu2

Overview

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

References

low severity

Out-of-bounds Read

  • Vulnerable module: lzo2/liblzo2-2
  • Introduced through: lzo2/liblzo2-2@2.08-1.2

Detailed paths

  • Introduced through: buildpack-deps:xenial@* lzo2/liblzo2-2@2.08-1.2

Overview

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.

References

low severity

Improper Input Validation

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

References

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

References

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

References

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@6.0+20160213-1ubuntu1, ncurses/libncurses5-dev@6.0+20160213-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncurses5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libncursesw5-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo-dev@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/libtinfo5@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-base@6.0+20160213-1ubuntu1
  • Introduced through: buildpack-deps:xenial@* ncurses/ncurses-bin@6.0+20160213-1ubuntu1

Overview

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

References