Vulnerabilities

419 via 419 paths

Dependencies

180

Source

Docker

Target OS

centos:8
Severity
  • 36
  • 244
  • 139
Status
  • 419
  • 0
  • 0

high severity

Exposure of Resource to Wrong Sphere

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Improper Encoding or Escaping of Output

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Use After Free

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-8.el8_6.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-8.el8_6.3 or higher.

high severity

Incorrect Conversion between Numeric Types

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.4-9.el8
  • Fixed in: 0:2.56.4-10.el8_4

Detailed paths

  • Introduced through: centos@latest glib2@2.56.4-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See How to fix? for Centos:8 relevant versions.

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-10.el8_4 or higher.

high severity

Use After Free

  • Vulnerable module: systemd
  • Introduced through: systemd@239-45.el8
  • Fixed in: 0:239-58.el8_6.4

Detailed paths

  • Introduced through: centos@latest systemd@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See How to fix? for Centos:8 relevant versions.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd to version 0:239-58.el8_6.4 or higher.

high severity

Use After Free

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-45.el8
  • Fixed in: 0:239-58.el8_6.4

Detailed paths

  • Introduced through: centos@latest systemd-libs@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package. See How to fix? for Centos:8 relevant versions.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-58.el8_6.4 or higher.

high severity

Use After Free

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-45.el8
  • Fixed in: 0:239-58.el8_6.4

Detailed paths

  • Introduced through: centos@latest systemd-pam@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package. See How to fix? for Centos:8 relevant versions.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-58.el8_6.4 or higher.

high severity

Use After Free

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-45.el8
  • Fixed in: 0:239-58.el8_6.4

Detailed paths

  • Introduced through: centos@latest systemd-udev@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package. See How to fix? for Centos:8 relevant versions.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-58.el8_6.4 or higher.

high severity

SQL Injection

  • Vulnerable module: cyrus-sasl-lib
  • Introduced through: cyrus-sasl-lib@2.1.27-5.el8
  • Fixed in: 0:2.1.27-6.el8_5

Detailed paths

  • Introduced through: centos@latest cyrus-sasl-lib@2.1.27-5.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream cyrus-sasl-lib package. See How to fix? for Centos:8 relevant versions.

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Remediation

Upgrade Centos:8 cyrus-sasl-lib to version 0:2.1.27-6.el8_5 or higher.

high severity

Incorrect Calculation

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Improper Input Validation

  • Vulnerable module: gzip
  • Introduced through: gzip@1.9-12.el8
  • Fixed in: 0:1.9-13.el8_5

Detailed paths

  • Introduced through: centos@latest gzip@1.9-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream gzip package. See How to fix? for Centos:8 relevant versions.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 gzip to version 0:1.9-13.el8_5 or higher.

high severity

Improper Input Validation

  • Vulnerable module: xz
  • Introduced through: xz@5.2.4-3.el8
  • Fixed in: 0:5.2.4-4.el8_6

Detailed paths

  • Introduced through: centos@latest xz@5.2.4-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream xz package. See How to fix? for Centos:8 relevant versions.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 xz to version 0:5.2.4-4.el8_6 or higher.

high severity

Improper Input Validation

  • Vulnerable module: xz-libs
  • Introduced through: xz-libs@5.2.4-3.el8
  • Fixed in: 0:5.2.4-4.el8_6

Detailed paths

  • Introduced through: centos@latest xz-libs@5.2.4-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream xz-libs package. See How to fix? for Centos:8 relevant versions.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 xz-libs to version 0:5.2.4-4.el8_6 or higher.

high severity

Out-of-bounds Write

  • Vulnerable module: zlib
  • Introduced through: zlib@1.2.11-17.el8
  • Fixed in: 0:1.2.11-18.el8_5

Detailed paths

  • Introduced through: centos@latest zlib@1.2.11-17.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package. See How to fix? for Centos:8 relevant versions.

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Remediation

Upgrade Centos:8 zlib to version 0:1.2.11-18.el8_5 or higher.

high severity

Out-of-bounds Write

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-7.el8_3
  • Fixed in: 0:3.6.14-8.el8_3

Detailed paths

  • Introduced through: centos@latest gnutls@3.6.14-7.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls package. See How to fix? for Centos:8 relevant versions.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.14-8.el8_3 or higher.

high severity

CVE-2022-3515

  • Vulnerable module: libksba
  • Introduced through: libksba@1.3.5-7.el8
  • Fixed in: 0:1.3.5-8.el8_6

Detailed paths

  • Introduced through: centos@latest libksba@1.3.5-7.el8

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Centos:8 libksba to version 0:1.3.5-8.el8_6 or higher.

high severity

Out-of-bounds Write

  • Vulnerable module: nettle
  • Introduced through: nettle@3.4.1-2.el8
  • Fixed in: 0:3.4.1-4.el8_3

Detailed paths

  • Introduced through: centos@latest nettle@3.4.1-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream nettle package. See How to fix? for Centos:8 relevant versions.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 nettle to version 0:3.4.1-4.el8_3 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-4.el8_5.3

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

high severity

Arbitrary Code Injection

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package.

By sending specific queries to the resolver, an attacker can cause named to crash.

Remediation

There is no fixed version for Centos:8 bind-export-libs.

high severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.36-3.el8_6.1

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-3.el8_6.1 or higher.

high severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.36-3.el8_6.1

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-3.el8_6.1 or higher.

high severity

Reachable Assertion

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.26-4.el8_4

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.26-4.el8_4 or higher.

high severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-6.el8_5

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-6.el8_5 or higher.

high severity

CVE-2022-42898

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.18.2-8.el8
  • Fixed in: 0:1.18.2-22.el8_7

Detailed paths

  • Introduced through: centos@latest krb5-libs@1.18.2-8.el8

NVD Description

This vulnerability has not been analyzed by NVD yet.

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-22.el8_7 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: systemd
  • Introduced through: systemd@239-45.el8
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos@latest systemd@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package. See How to fix? for Centos:8 relevant versions.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd to version 0:239-45.el8_4.2 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-45.el8
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos@latest systemd-libs@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package. See How to fix? for Centos:8 relevant versions.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-45.el8_4.2 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-45.el8
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos@latest systemd-pam@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package. See How to fix? for Centos:8 relevant versions.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-45.el8_4.2 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-45.el8
  • Fixed in: 0:239-45.el8_4.2

Detailed paths

  • Introduced through: centos@latest systemd-udev@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package. See How to fix? for Centos:8 relevant versions.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-45.el8_4.2 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See How to fix? for Centos:8 relevant versions.

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-164.el8 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc-common@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See How to fix? for Centos:8 relevant versions.

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-164.el8 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc-minimal-langpack@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See How to fix? for Centos:8 relevant versions.

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-164.el8 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-15.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-15.el8 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

medium severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: lz4-libs
  • Introduced through: lz4-libs@1.8.3-2.el8
  • Fixed in: 0:1.8.3-3.el8_4

Detailed paths

  • Introduced through: centos@latest lz4-libs@1.8.3-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream lz4-libs package. See How to fix? for Centos:8 relevant versions.

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Remediation

Upgrade Centos:8 lz4-libs to version 0:1.8.3-3.el8_4 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8
  • Fixed in: 0:2.30-108.el8_5.1

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package. See How to fix? for Centos:8 relevant versions.

** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.

Remediation

Upgrade Centos:8 binutils to version 0:2.30-108.el8_5.1 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: libgcc
  • Introduced through: libgcc@8.4.1-1.el8
  • Fixed in: 0:8.5.0-4.el8_5

Detailed paths

  • Introduced through: centos@latest libgcc@8.4.1-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcc package. See How to fix? for Centos:8 relevant versions.

** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.

Remediation

Upgrade Centos:8 libgcc to version 0:8.5.0-4.el8_5 or higher.

References

medium severity

CVE-2021-42694

  • Vulnerable module: libgcc
  • Introduced through: libgcc@8.4.1-1.el8

Detailed paths

  • Introduced through: centos@latest libgcc@8.4.1-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcc package.

** DISPUTED ** An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.

Remediation

There is no fixed version for Centos:8 libgcc.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: libstdc++
  • Introduced through: libstdc++@8.4.1-1.el8
  • Fixed in: 0:8.5.0-4.el8_5

Detailed paths

  • Introduced through: centos@latest libstdc++@8.4.1-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libstdc++ package. See How to fix? for Centos:8 relevant versions.

** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.

Remediation

Upgrade Centos:8 libstdc++ to version 0:8.5.0-4.el8_5 or higher.

References

medium severity

CVE-2021-42694

  • Vulnerable module: libstdc++
  • Introduced through: libstdc++@8.4.1-1.el8

Detailed paths

  • Introduced through: centos@latest libstdc++@8.4.1-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libstdc++ package.

** DISPUTED ** An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard (all versions). Unless mitigated, an adversary could produce source code identifiers using homoglyph characters that render visually identical to but are distinct from a target identifier. In this way, an adversary could inject adversarial identifier definitions in upstream software that are not detected by human reviewers and are invoked deceptively in downstream software. The Unicode Consortium has documented this class of security vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms.

Remediation

There is no fixed version for Centos:8 libstdc++.

References

medium severity

CVE-2022-40304

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package.

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Remediation

There is no fixed version for Centos:8 libxml2.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package.

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Remediation

There is no fixed version for Centos:8 libxml2.

References

medium severity

Improper Authentication

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.3

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-22.el8_6.3 or higher.

References

medium severity

Improper Authentication

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.3

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-22.el8_6.3 or higher.

References

medium severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-12.el8_5

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-12.el8_5 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: lz4-libs
  • Introduced through: lz4-libs@1.8.3-2.el8

Detailed paths

  • Introduced through: centos@latest lz4-libs@1.8.3-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream lz4-libs package.

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Remediation

There is no fixed version for Centos:8 lz4-libs.

References

medium severity

Out-of-Bounds

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-16.el8_6

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-16.el8_6 or higher.

References

medium severity

Directory Traversal

  • Vulnerable module: squashfs-tools
  • Introduced through: squashfs-tools@4.3-20.el8

Detailed paths

  • Introduced through: centos@latest squashfs-tools@4.3-20.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream squashfs-tools package.

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Remediation

There is no fixed version for Centos:8 squashfs-tools.

References

medium severity

Link Following

  • Vulnerable module: squashfs-tools
  • Introduced through: squashfs-tools@4.3-20.el8

Detailed paths

  • Introduced through: centos@latest squashfs-tools@4.3-20.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream squashfs-tools package.

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Remediation

There is no fixed version for Centos:8 squashfs-tools.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: file-libs
  • Introduced through: file-libs@5.33-16.el8_3.1
  • Fixed in: 0:5.33-20.el8

Detailed paths

  • Introduced through: centos@latest file-libs@5.33-16.el8_3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream file-libs package. See How to fix? for Centos:8 relevant versions.

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Remediation

Upgrade Centos:8 file-libs to version 0:5.33-20.el8 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: json-c
  • Introduced through: json-c@0.13.1-0.4.el8
  • Fixed in: 0:0.13.1-2.el8

Detailed paths

  • Introduced through: centos@latest json-c@0.13.1-0.4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream json-c package. See How to fix? for Centos:8 relevant versions.

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Remediation

Upgrade Centos:8 json-c to version 0:0.13.1-2.el8 or higher.

References

medium severity

Use After Free

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

References

medium severity

Buffer Over-read

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-19.el8_6.2

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possible remote execution.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-19.el8_6.2 or higher.

References

medium severity

Buffer Over-read

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-19.el8_6.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-19.el8_6.4 or higher.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Heap-based Buffer Overflow

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8 or higher.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-19.el8_6.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-19.el8_6.4 or higher.

References

medium severity

Use After Free

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Use After Free

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.4 or higher.

References

medium severity

Use After Free

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.13

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.13 or higher.

References

medium severity

Arbitrary Command Injection

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-47.el8_6

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See How to fix? for Centos:8 relevant versions.

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-47.el8_6 or higher.

References

medium severity

Arbitrary Command Injection

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8
  • Fixed in: 0:3.6.8-47.el8_6

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package. See How to fix? for Centos:8 relevant versions.

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-47.el8_6 or higher.

References

medium severity

Cleartext Transmission of Sensitive Information

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.2

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations without TLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-18.el8_4.2 or higher.

References

medium severity

Improper Certificate Validation

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.3

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-22.el8_6.3 or higher.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-8.el8_6.2

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-8.el8_6.2 or higher.

References

medium severity
new

Use After Free

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package.

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Remediation

There is no fixed version for Centos:8 expat.

References

medium severity

Incorrect Conversion between Numeric Types

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.4-9.el8
  • Fixed in: 0:2.56.4-10.el8_4.1

Detailed paths

  • Introduced through: centos@latest glib2@2.56.4-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See How to fix? for Centos:8 relevant versions.

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-10.el8_4.1 or higher.

References

medium severity

Double Free

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-7.el8_3
  • Fixed in: 0:3.6.16-5.el8_6

Detailed paths

  • Introduced through: centos@latest gnutls@3.6.14-7.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls package. See How to fix? for Centos:8 relevant versions.

A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.16-5.el8_6 or higher.

References

medium severity

Improper Input Validation

  • Vulnerable module: gnutls
  • Introduced through: gnutls@3.6.14-7.el8_3
  • Fixed in: 0:3.6.16-4.el8

Detailed paths

  • Introduced through: centos@latest gnutls@3.6.14-7.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls package. See How to fix? for Centos:8 relevant versions.

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.16-4.el8 or higher.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.18.2-8.el8
  • Fixed in: 0:1.18.2-8.3.el8_4

Detailed paths

  • Introduced through: centos@latest krb5-libs@1.18.2-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5-libs package. See How to fix? for Centos:8 relevant versions.

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-8.3.el8_4 or higher.

References

medium severity

Cleartext Transmission of Sensitive Information

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.2

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations without TLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-18.el8_4.2 or higher.

References

medium severity

Improper Certificate Validation

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.3

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-22.el8_6.3 or higher.

References

medium severity

Information Exposure

  • Vulnerable module: libgcrypt
  • Introduced through: libgcrypt@1.8.5-4.el8
  • Fixed in: 0:1.8.5-6.el8

Detailed paths

  • Introduced through: centos@latest libgcrypt@1.8.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcrypt package. See How to fix? for Centos:8 relevant versions.

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Remediation

Upgrade Centos:8 libgcrypt to version 0:1.8.5-6.el8 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libsolv
  • Introduced through: libsolv@0.7.16-2.el8
  • Fixed in: 0:0.7.16-3.el8_4

Detailed paths

  • Introduced through: centos@latest libsolv@0.7.16-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libsolv package. See How to fix? for Centos:8 relevant versions.

Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Remediation

Upgrade Centos:8 libsolv to version 0:0.7.16-3.el8_4 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libsolv
  • Introduced through: libsolv@0.7.16-2.el8
  • Fixed in: 0:0.7.16-3.el8_4

Detailed paths

  • Introduced through: centos@latest libsolv@0.7.16-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libsolv package. See How to fix? for Centos:8 relevant versions.

Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Remediation

Upgrade Centos:8 libsolv to version 0:0.7.16-3.el8_4 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libsolv
  • Introduced through: libsolv@0.7.16-2.el8
  • Fixed in: 0:0.7.16-3.el8_4

Detailed paths

  • Introduced through: centos@latest libsolv@0.7.16-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libsolv package. See How to fix? for Centos:8 relevant versions.

Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Remediation

Upgrade Centos:8 libsolv to version 0:0.7.16-3.el8_4 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libsolv
  • Introduced through: libsolv@0.7.16-2.el8
  • Fixed in: 0:0.7.16-3.el8_4

Detailed paths

  • Introduced through: centos@latest libsolv@0.7.16-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libsolv package. See How to fix? for Centos:8 relevant versions.

Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.

Remediation

Upgrade Centos:8 libsolv to version 0:0.7.16-3.el8_4 or higher.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: libtirpc
  • Introduced through: libtirpc@1.1.4-4.el8
  • Fixed in: 0:1.1.4-6.el8

Detailed paths

  • Introduced through: centos@latest libtirpc@1.1.4-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libtirpc package. See How to fix? for Centos:8 relevant versions.

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.

Remediation

Upgrade Centos:8 libtirpc to version 0:1.1.4-6.el8 or higher.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

References

medium severity

Improper Input Validation

  • Vulnerable module: nettle
  • Introduced through: nettle@3.4.1-2.el8
  • Fixed in: 0:3.4.1-7.el8

Detailed paths

  • Introduced through: centos@latest nettle@3.4.1-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream nettle package. See How to fix? for Centos:8 relevant versions.

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Remediation

Upgrade Centos:8 nettle to version 0:3.4.1-7.el8 or higher.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-4.el8

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-4.el8 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: pcre2
  • Introduced through: pcre2@10.32-2.el8
  • Fixed in: 0:10.32-3.el8_6

Detailed paths

  • Introduced through: centos@latest pcre2@10.32-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream pcre2 package. See How to fix? for Centos:8 relevant versions.

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Remediation

Upgrade Centos:8 pcre2 to version 0:10.32-3.el8_6 or higher.

References

medium severity

Incorrect Type Conversion or Cast

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package.

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Centos:8 platform-python.

References

medium severity
new

Resource Exhaustion

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package.

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Remediation

There is no fixed version for Centos:8 platform-python.

References

medium severity

Incorrect Type Conversion or Cast

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package.

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Remediation

There is no fixed version for Centos:8 python3-libs.

References

medium severity
new

Resource Exhaustion

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package.

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Remediation

There is no fixed version for Centos:8 python3-libs.

References

medium severity

CVE-2019-19603

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-15.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-15.el8 or higher.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-16.el8_6

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-16.el8_6 or higher.

References

medium severity

Off-by-one Error

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See How to fix? for Centos:8 relevant versions.

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Off-by-one Error

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-common@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See How to fix? for Centos:8 relevant versions.

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Off-by-one Error

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-minimal-langpack@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See How to fix? for Centos:8 relevant versions.

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-13.el8_6.1

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-13.el8_6.1 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-5.el8_5

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-5.el8_5 or higher.

References

medium severity

Open Redirect

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package.

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Remediation

There is no fixed version for Centos:8 platform-python.

References

medium severity

Open Redirect

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package.

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Remediation

There is no fixed version for Centos:8 python3-libs.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Heap-based Buffer Overflow

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.4 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-19.el8_6.2

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-19.el8_6.2 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-19.el8_6.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-19.el8_6.4 or higher.

References

medium severity

Use After Free

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Use After Free

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8 or higher.

References

medium severity

Use After Free

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Use After Free in GitHub repository vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Incorrect Authorization

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.18.2-8.el8

Detailed paths

  • Introduced through: centos@latest krb5-libs@1.18.2-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5-libs package.

Kerberos Security Feature Bypass Vulnerability

Remediation

There is no fixed version for Centos:8 krb5-libs.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Heap-based Buffer Overflow

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.4 or higher.

References

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: cpio
  • Introduced through: cpio@2.12-10.el8
  • Fixed in: 0:2.12-11.el8

Detailed paths

  • Introduced through: centos@latest cpio@2.12-10.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream cpio package. See How to fix? for Centos:8 relevant versions.

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

Remediation

Upgrade Centos:8 cpio to version 0:2.12-11.el8 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-common@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-common@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-minimal-langpack@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

Buffer Overflow

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-151.el8
  • Fixed in: 0:2.28-164.el8_5.3

Detailed paths

  • Introduced through: centos@latest glibc-minimal-langpack@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See How to fix? for Centos:8 relevant versions.

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-164.el8_5.3 or higher.

References

medium severity

CVE-2005-2541

  • Vulnerable module: tar
  • Introduced through: tar@2:1.30-5.el8

Detailed paths

  • Introduced through: centos@latest tar@2:1.30-5.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package.

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Remediation

There is no fixed version for Centos:8 tar.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: zlib
  • Introduced through: zlib@1.2.11-17.el8
  • Fixed in: 0:1.2.11-19.el8_6

Detailed paths

  • Introduced through: centos@latest zlib@1.2.11-17.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package. See How to fix? for Centos:8 relevant versions.

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Remediation

Upgrade Centos:8 zlib to version 0:1.2.11-19.el8_6 or higher.

References

medium severity

HTTP Request Smuggling

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.36-5.el8

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-5.el8 or higher.

References

medium severity

OS Command Injection

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-7.el8_6

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-7.el8_6 or higher.

References

medium severity

OS Command Injection

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-7.el8_6

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-7.el8_6 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: python3-rpm
  • Introduced through: python3-rpm@4.14.3-13.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos@latest python3-rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-rpm package. See How to fix? for Centos:8 relevant versions.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Centos:8 python3-rpm to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm
  • Introduced through: rpm@4.14.3-13.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos@latest rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package. See How to fix? for Centos:8 relevant versions.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Centos:8 rpm to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.14.3-13.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos@latest rpm-build-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package. See How to fix? for Centos:8 relevant versions.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Centos:8 rpm-build-libs to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.14.3-13.el8
  • Fixed in: 0:4.14.3-14.el8_4

Detailed paths

  • Introduced through: centos@latest rpm-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package. See How to fix? for Centos:8 relevant versions.

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Remediation

Upgrade Centos:8 rpm-libs to version 0:4.14.3-14.el8_4 or higher.

References

medium severity

Link Following

  • Vulnerable module: libarchive
  • Introduced through: libarchive@3.3.3-1.el8
  • Fixed in: 0:3.3.3-3.el8_5

Detailed paths

  • Introduced through: centos@latest libarchive@3.3.3-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libarchive package. See How to fix? for Centos:8 relevant versions.

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Remediation

Upgrade Centos:8 libarchive to version 0:3.3.3-3.el8_5 or higher.

References

medium severity

Heap-based Buffer Overflow

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Heap-based Buffer Overflow

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.4 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.12

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

Heap-based Buffer Overflow in vim/vim prior to 8.2.

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.12 or higher.

References

medium severity

Reachable Assertion

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.26-6.el8

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.26-6.el8 or higher.

References

medium severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8
  • Fixed in: 0:2.30-108.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package. See How to fix? for Centos:8 relevant versions.

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

Remediation

Upgrade Centos:8 binutils to version 0:2.30-108.el8 or higher.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.4

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-22.el8_6.4 or higher.

References

medium severity

Improper Handling of Exceptional Conditions

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.1

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-18.el8_4.1 or higher.

References

medium severity

CVE-2022-42012

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Remediation

There is no fixed version for Centos:8 dbus.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Remediation

There is no fixed version for Centos:8 dbus.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dbus
  • Introduced through: dbus@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Remediation

There is no fixed version for Centos:8 dbus.

References

medium severity

CVE-2022-42012

  • Vulnerable module: dbus-common
  • Introduced through: dbus-common@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-common@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-common package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Remediation

There is no fixed version for Centos:8 dbus-common.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: dbus-common
  • Introduced through: dbus-common@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-common@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-common package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Remediation

There is no fixed version for Centos:8 dbus-common.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dbus-common
  • Introduced through: dbus-common@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-common@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-common package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Remediation

There is no fixed version for Centos:8 dbus-common.

References

medium severity

CVE-2022-42012

  • Vulnerable module: dbus-daemon
  • Introduced through: dbus-daemon@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-daemon@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-daemon package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Remediation

There is no fixed version for Centos:8 dbus-daemon.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: dbus-daemon
  • Introduced through: dbus-daemon@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-daemon@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-daemon package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Remediation

There is no fixed version for Centos:8 dbus-daemon.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dbus-daemon
  • Introduced through: dbus-daemon@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-daemon@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-daemon package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Remediation

There is no fixed version for Centos:8 dbus-daemon.

References

medium severity

CVE-2022-42012

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-libs@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-libs package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Remediation

There is no fixed version for Centos:8 dbus-libs.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-libs@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-libs package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Remediation

There is no fixed version for Centos:8 dbus-libs.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dbus-libs
  • Introduced through: dbus-libs@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-libs@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-libs package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Remediation

There is no fixed version for Centos:8 dbus-libs.

References

medium severity

CVE-2022-42012

  • Vulnerable module: dbus-tools
  • Introduced through: dbus-tools@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-tools@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-tools package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Remediation

There is no fixed version for Centos:8 dbus-tools.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: dbus-tools
  • Introduced through: dbus-tools@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-tools@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-tools package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

Remediation

There is no fixed version for Centos:8 dbus-tools.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dbus-tools
  • Introduced through: dbus-tools@1:1.12.8-12.el8

Detailed paths

  • Introduced through: centos@latest dbus-tools@1:1.12.8-12.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus-tools package.

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

Remediation

There is no fixed version for Centos:8 dbus-tools.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: dhcp-client
  • Introduced through: dhcp-client@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-client@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-client package.

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Remediation

There is no fixed version for Centos:8 dhcp-client.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: dhcp-client
  • Introduced through: dhcp-client@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-client@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-client package.

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Remediation

There is no fixed version for Centos:8 dhcp-client.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: dhcp-common
  • Introduced through: dhcp-common@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-common@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-common package.

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Remediation

There is no fixed version for Centos:8 dhcp-common.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: dhcp-common
  • Introduced through: dhcp-common@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-common@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-common package.

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Remediation

There is no fixed version for Centos:8 dhcp-common.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: dhcp-libs
  • Introduced through: dhcp-libs@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-libs@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-libs package.

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Remediation

There is no fixed version for Centos:8 dhcp-libs.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: dhcp-libs
  • Introduced through: dhcp-libs@12:4.3.6-44.0.1.el8

Detailed paths

  • Introduced through: centos@latest dhcp-libs@12:4.3.6-44.0.1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dhcp-libs package.

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Remediation

There is no fixed version for Centos:8 dhcp-libs.

References

medium severity

Resource Exhaustion

  • Vulnerable module: expat
  • Introduced through: expat@2.2.5-4.el8
  • Fixed in: 0:2.2.5-8.el8_6.2

Detailed paths

  • Introduced through: centos@latest expat@2.2.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See How to fix? for Centos:8 relevant versions.

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-8.el8_6.2 or higher.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: krb5-libs
  • Introduced through: krb5-libs@1.18.2-8.el8
  • Fixed in: 0:1.18.2-8.3.el8_4

Detailed paths

  • Introduced through: centos@latest krb5-libs@1.18.2-8.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5-libs package. See How to fix? for Centos:8 relevant versions.

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-8.3.el8_4 or higher.

References

medium severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.4

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-22.el8_6.4 or higher.

References

medium severity

Improper Handling of Exceptional Conditions

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.1

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-18.el8_4.1 or higher.

References

medium severity

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-9.el8_4.2

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-9.el8_4.2 or higher.

References

medium severity

Resource Exhaustion

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-45.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See How to fix? for Centos:8 relevant versions.

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-45.el8 or higher.

References

medium severity

Resource Exhaustion

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-39.el8_4

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See How to fix? for Centos:8 relevant versions.

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-39.el8_4 or higher.

References

medium severity

Resource Exhaustion

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8
  • Fixed in: 0:3.6.8-39.el8_4

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package. See How to fix? for Centos:8 relevant versions.

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-39.el8_4 or higher.

References

medium severity

Resource Exhaustion

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8
  • Fixed in: 0:3.6.8-45.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package. See How to fix? for Centos:8 relevant versions.

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-45.el8 or higher.

References

medium severity

Link Following

  • Vulnerable module: python3-rpm
  • Introduced through: python3-rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest python3-rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-rpm package.

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 python3-rpm.

References

medium severity

Link Following

  • Vulnerable module: python3-rpm
  • Introduced through: python3-rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest python3-rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-rpm package.

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 python3-rpm.

References

medium severity

Link Following

  • Vulnerable module: rpm
  • Introduced through: rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package.

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm.

References

medium severity

Link Following

  • Vulnerable module: rpm
  • Introduced through: rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package.

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm.

References

medium severity

Link Following

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-build-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package.

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-build-libs.

References

medium severity

Link Following

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-build-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package.

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-build-libs.

References

medium severity

Link Following

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package.

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-libs.

References

medium severity

Link Following

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package.

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-libs.

References

medium severity

Improper Input Validation

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-15.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-15.el8 or higher.

References

medium severity

Use of Uninitialized Resource

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-15.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-15.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dnf
  • Introduced through: dnf@4.4.2-11.el8
  • Fixed in: 0:4.7.0-4.el8

Detailed paths

  • Introduced through: centos@latest dnf@4.4.2-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dnf package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 dnf to version 0:4.7.0-4.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: dnf-data
  • Introduced through: dnf-data@4.4.2-11.el8
  • Fixed in: 0:4.7.0-4.el8

Detailed paths

  • Introduced through: centos@latest dnf-data@4.4.2-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream dnf-data package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 dnf-data to version 0:4.7.0-4.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: libdnf
  • Introduced through: libdnf@0.55.0-7.el8
  • Fixed in: 0:0.63.0-3.el8

Detailed paths

  • Introduced through: centos@latest libdnf@0.55.0-7.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libdnf package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 libdnf to version 0:0.63.0-3.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: python3-dnf
  • Introduced through: python3-dnf@4.4.2-11.el8
  • Fixed in: 0:4.7.0-4.el8

Detailed paths

  • Introduced through: centos@latest python3-dnf@4.4.2-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-dnf package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 python3-dnf to version 0:4.7.0-4.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: python3-hawkey
  • Introduced through: python3-hawkey@0.55.0-7.el8
  • Fixed in: 0:0.63.0-3.el8

Detailed paths

  • Introduced through: centos@latest python3-hawkey@0.55.0-7.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-hawkey package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 python3-hawkey to version 0:0.63.0-3.el8 or higher.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: python3-libdnf
  • Introduced through: python3-libdnf@0.55.0-7.el8
  • Fixed in: 0:0.63.0-3.el8

Detailed paths

  • Introduced through: centos@latest python3-libdnf@0.55.0-7.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libdnf package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 python3-libdnf to version 0:0.63.0-3.el8 or higher.

References

medium severity

Information Exposure

  • Vulnerable module: systemd
  • Introduced through: systemd@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Remediation

There is no fixed version for Centos:8 systemd.

References

medium severity

Information Exposure

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-libs@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package.

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Remediation

There is no fixed version for Centos:8 systemd-libs.

References

medium severity

Information Exposure

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-pam@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package.

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Remediation

There is no fixed version for Centos:8 systemd-pam.

References

medium severity

Information Exposure

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-udev@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package.

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Remediation

There is no fixed version for Centos:8 systemd-udev.

References

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: yum
  • Introduced through: yum@4.4.2-11.el8
  • Fixed in: 0:4.7.0-4.el8

Detailed paths

  • Introduced through: centos@latest yum@4.4.2-11.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream yum package. See How to fix? for Centos:8 relevant versions.

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 yum to version 0:4.7.0-4.el8 or higher.

References

medium severity

Link Following

  • Vulnerable module: python3-rpm
  • Introduced through: python3-rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest python3-rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-rpm package.

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 python3-rpm.

References

medium severity

Link Following

  • Vulnerable module: rpm
  • Introduced through: rpm@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm package.

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm.

References

medium severity

Link Following

  • Vulnerable module: rpm-build-libs
  • Introduced through: rpm-build-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-build-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-build-libs package.

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-build-libs.

References

medium severity

Link Following

  • Vulnerable module: rpm-libs
  • Introduced through: rpm-libs@4.14.3-13.el8

Detailed paths

  • Introduced through: centos@latest rpm-libs@4.14.3-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream rpm-libs package.

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Remediation

There is no fixed version for Centos:8 rpm-libs.

References

medium severity
new

CVE-2022-45873

  • Vulnerable module: systemd
  • Introduced through: systemd@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Remediation

There is no fixed version for Centos:8 systemd.

References

medium severity
new

CVE-2022-45873

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-libs@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package.

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Remediation

There is no fixed version for Centos:8 systemd-libs.

References

medium severity
new

CVE-2022-45873

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-pam@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package.

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Remediation

There is no fixed version for Centos:8 systemd-pam.

References

medium severity
new

CVE-2022-45873

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-udev@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package.

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Remediation

There is no fixed version for Centos:8 systemd-udev.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.2

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got before the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-18.el8_4.2 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.2

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got before the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-18.el8_4.2 or higher.

References

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: libxml2
  • Introduced through: libxml2@2.9.7-9.el8
  • Fixed in: 0:2.9.7-15.el8

Detailed paths

  • Introduced through: centos@latest libxml2@2.9.7-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libxml2 package. See How to fix? for Centos:8 relevant versions.

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-15.el8 or higher.

References

medium severity

Insufficient Verification of Data Authenticity

  • Vulnerable module: cryptsetup-libs
  • Introduced through: cryptsetup-libs@2.3.3-4.el8
  • Fixed in: 0:2.3.3-4.el8_5.1

Detailed paths

  • Introduced through: centos@latest cryptsetup-libs@2.3.3-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream cryptsetup-libs package. See How to fix? for Centos:8 relevant versions.

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.

Remediation

Upgrade Centos:8 cryptsetup-libs to version 0:2.3.3-4.el8_5.1 or higher.

References

medium severity

Use After Free

  • Vulnerable module: glibc
  • Introduced through: glibc@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc package. See How to fix? for Centos:8 relevant versions.

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-164.el8 or higher.

References

medium severity

Use After Free

  • Vulnerable module: glibc-common
  • Introduced through: glibc-common@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc-common@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-common package. See How to fix? for Centos:8 relevant versions.

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-164.el8 or higher.

References

medium severity

Use After Free

  • Vulnerable module: glibc-minimal-langpack
  • Introduced through: glibc-minimal-langpack@2.28-151.el8
  • Fixed in: 0:2.28-164.el8

Detailed paths

  • Introduced through: centos@latest glibc-minimal-langpack@2.28-151.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glibc-minimal-langpack package. See How to fix? for Centos:8 relevant versions.

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-164.el8 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: gnupg2
  • Introduced through: gnupg2@2.2.20-2.el8
  • Fixed in: 0:2.2.20-3.el8_6

Detailed paths

  • Introduced through: centos@latest gnupg2@2.2.20-2.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream gnupg2 package. See How to fix? for Centos:8 relevant versions.

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Remediation

Upgrade Centos:8 gnupg2 to version 0:2.2.20-3.el8_6 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: gpgme
  • Introduced through: gpgme@1.13.1-7.el8

Detailed paths

  • Introduced through: centos@latest gpgme@1.13.1-7.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream gpgme package.

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Remediation

There is no fixed version for Centos:8 gpgme.

References

medium severity

Exposure of Resource to Wrong Sphere

  • Vulnerable module: libgcrypt
  • Introduced through: libgcrypt@1.8.5-4.el8

Detailed paths

  • Introduced through: centos@latest libgcrypt@1.8.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcrypt package.

** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack.

Remediation

There is no fixed version for Centos:8 libgcrypt.

References

medium severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: libgcrypt
  • Introduced through: libgcrypt@1.8.5-4.el8
  • Fixed in: 0:1.8.5-7.el8_6

Detailed paths

  • Introduced through: centos@latest libgcrypt@1.8.5-4.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcrypt package. See How to fix? for Centos:8 relevant versions.

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Remediation

Upgrade Centos:8 libgcrypt to version 0:1.8.5-7.el8_6 or higher.

References

medium severity
new

Out-of-bounds Read

  • Vulnerable module: libtasn1
  • Introduced through: libtasn1@4.13-3.el8

Detailed paths

  • Introduced through: centos@latest libtasn1@4.13-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libtasn1 package.

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Remediation

There is no fixed version for Centos:8 libtasn1.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-4.el8

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-4.el8 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: python3-gpg
  • Introduced through: python3-gpg@1.13.1-7.el8

Detailed paths

  • Introduced through: centos@latest python3-gpg@1.13.1-7.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-gpg package.

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.

Remediation

There is no fixed version for Centos:8 python3-gpg.

References

medium severity

Improper Validation of Array Index

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package.

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Remediation

There is no fixed version for Centos:8 sqlite-libs.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: libcom_err
  • Introduced through: libcom_err@1.45.6-1.el8
  • Fixed in: 0:1.45.6-5.el8

Detailed paths

  • Introduced through: centos@latest libcom_err@1.45.6-1.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcom_err package. See How to fix? for Centos:8 relevant versions.

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Remediation

Upgrade Centos:8 libcom_err to version 0:1.45.6-5.el8 or higher.

References

medium severity

Insufficiently Protected Credentials

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.1

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-18.el8_4.1 or higher.

References

medium severity

Insufficiently Protected Credentials

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-18.el8_4.1

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-18.el8_4.1 or higher.

References

medium severity

Directory Traversal

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-41.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See How to fix? for Centos:8 relevant versions.

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-41.el8 or higher.

References

medium severity

Directory Traversal

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8
  • Fixed in: 0:3.6.8-41.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package. See How to fix? for Centos:8 relevant versions.

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-41.el8 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: ncurses-base
  • Introduced through: ncurses-base@6.1-7.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-base@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-base package.

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Remediation

There is no fixed version for Centos:8 ncurses-base.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: ncurses-libs
  • Introduced through: ncurses-libs@6.1-7.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-libs@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-libs package.

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Remediation

There is no fixed version for Centos:8 ncurses-libs.

References

medium severity
new

Directory Traversal

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package.

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Remediation

There is no fixed version for Centos:8 platform-python.

References

medium severity
new

Directory Traversal

  • Vulnerable module: python3-libs
  • Introduced through: python3-libs@3.6.8-37.el8

Detailed paths

  • Introduced through: centos@latest python3-libs@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream python3-libs package.

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Remediation

There is no fixed version for Centos:8 python3-libs.

References

medium severity

NULL Pointer Dereference

  • Vulnerable module: sqlite-libs
  • Introduced through: sqlite-libs@3.26.0-13.el8
  • Fixed in: 0:3.26.0-15.el8

Detailed paths

  • Introduced through: centos@latest sqlite-libs@3.26.0-13.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite-libs package. See How to fix? for Centos:8 relevant versions.

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-15.el8 or higher.

References

medium severity
new

Off-by-one Error

  • Vulnerable module: systemd
  • Introduced through: systemd@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

There is no fixed version for Centos:8 systemd.

References

medium severity
new

Off-by-one Error

  • Vulnerable module: systemd-libs
  • Introduced through: systemd-libs@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-libs@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-libs package.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

There is no fixed version for Centos:8 systemd-libs.

References

medium severity
new

Off-by-one Error

  • Vulnerable module: systemd-pam
  • Introduced through: systemd-pam@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-pam@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-pam package.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

There is no fixed version for Centos:8 systemd-pam.

References

medium severity
new

Off-by-one Error

  • Vulnerable module: systemd-udev
  • Introduced through: systemd-udev@239-45.el8

Detailed paths

  • Introduced through: centos@latest systemd-udev@239-45.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd-udev package.

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Remediation

There is no fixed version for Centos:8 systemd-udev.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: vim-minimal
  • Introduced through: vim-minimal@2:8.0.1763-15.el8
  • Fixed in: 2:8.0.1763-16.el8_5.4

Detailed paths

  • Introduced through: centos@latest vim-minimal@2:8.0.1763-15.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream vim-minimal package. See How to fix? for Centos:8 relevant versions.

vim is vulnerable to Out-of-bounds Read

Remediation

Upgrade Centos:8 vim-minimal to version 2:8.0.1763-16.el8_5.4 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: ncurses-base
  • Introduced through: ncurses-base@6.1-7.20180224.el8
  • Fixed in: 0:6.1-9.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-base@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-base package. See How to fix? for Centos:8 relevant versions.

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

Upgrade Centos:8 ncurses-base to version 0:6.1-9.20180224.el8 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: ncurses-libs
  • Introduced through: ncurses-libs@6.1-7.20180224.el8
  • Fixed in: 0:6.1-9.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-libs@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-libs package. See How to fix? for Centos:8 relevant versions.

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

Upgrade Centos:8 ncurses-libs to version 0:6.1-9.20180224.el8 or higher.

References

medium severity

CVE-2021-25219

  • Vulnerable module: bind-export-libs
  • Introduced through: bind-export-libs@32:9.11.26-3.el8
  • Fixed in: 32:9.11.36-3.el8

Detailed paths

  • Introduced through: centos@latest bind-export-libs@32:9.11.26-3.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream bind-export-libs package. See How to fix? for Centos:8 relevant versions.

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-3.el8 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Use After Free

  • Vulnerable module: binutils
  • Introduced through: binutils@2.30-93.el8

Detailed paths

  • Introduced through: centos@latest binutils@2.30-93.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream binutils package.

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.

Remediation

There is no fixed version for Centos:8 binutils.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: curl
  • Introduced through: curl@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.4

Detailed paths

  • Introduced through: centos@latest curl@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Centos:8 relevant versions.

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Remediation

Upgrade Centos:8 curl to version 0:7.61.1-22.el8_6.4 or higher.

References

medium severity

Link Following

  • Vulnerable module: glib2
  • Introduced through: glib2@2.56.4-9.el8
  • Fixed in: 0:2.56.4-156.el8

Detailed paths

  • Introduced through: centos@latest glib2@2.56.4-9.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream glib2 package. See How to fix? for Centos:8 relevant versions.

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-156.el8 or higher.

References

medium severity

Out-of-bounds Write

  • Vulnerable module: libcurl-minimal
  • Introduced through: libcurl-minimal@7.61.1-18.el8
  • Fixed in: 0:7.61.1-22.el8_6.4

Detailed paths

  • Introduced through: centos@latest libcurl-minimal@7.61.1-18.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream libcurl-minimal package. See How to fix? for Centos:8 relevant versions.

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Remediation

Upgrade Centos:8 libcurl-minimal to version 0:7.61.1-22.el8_6.4 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: ncurses-base
  • Introduced through: ncurses-base@6.1-7.20180224.el8
  • Fixed in: 0:6.1-9.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-base@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-base package. See How to fix? for Centos:8 relevant versions.

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

Upgrade Centos:8 ncurses-base to version 0:6.1-9.20180224.el8 or higher.

References

medium severity

Out-of-bounds Read

  • Vulnerable module: ncurses-libs
  • Introduced through: ncurses-libs@6.1-7.20180224.el8
  • Fixed in: 0:6.1-9.20180224.el8

Detailed paths

  • Introduced through: centos@latest ncurses-libs@6.1-7.20180224.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses-libs package. See How to fix? for Centos:8 relevant versions.

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

Upgrade Centos:8 ncurses-libs to version 0:6.1-9.20180224.el8 or higher.

References

medium severity

Inadequate Encryption Strength

  • Vulnerable module: openssl-libs
  • Introduced through: openssl-libs@1:1.1.1g-15.el8_3
  • Fixed in: 1:1.1.1k-7.el8_6

Detailed paths

  • Introduced through: centos@latest openssl-libs@1:1.1.1g-15.el8_3

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl-libs package. See How to fix? for Centos:8 relevant versions.

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-7.el8_6 or higher.

References

medium severity

Arbitrary Code Injection

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-47.el8_6

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8

NVD Description

Note: Versions mentioned in the description apply to the upstream platform-python package. See How to fix? for Centos:8 relevant versions.

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-47.el8_6 or higher.

References

medium severity

Unchecked Return Value

  • Vulnerable module: platform-python
  • Introduced through: platform-python@3.6.8-37.el8
  • Fixed in: 0:3.6.8-45.el8

Detailed paths

  • Introduced through: centos@latest platform-python@3.6.8-37.el8