Vulnerabilities

 25 via 95 paths

Dependencies

 150

Source

 Group 6 Copy Created with Sketch. Docker

Target OS

 ubuntu:22.04
Test your Docker Hub image against our market leading vulnerability database Sign up for free
Severity
  • 8
  • 17
Status
  • 25
  • 0
  • 0

medium severity

Directory Traversal

  • Vulnerable module: pam/libpam-modules
  • Introduced through: pam/libpam-modules@1.4.0-11ubuntu2.6, pam/libpam-modules-bin@1.4.0-11ubuntu2.6 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy pam/libpam-modules@1.4.0-11ubuntu2.6
  • Introduced through: tomcat@jdk17-temurin-jammy pam/libpam-modules-bin@1.4.0-11ubuntu2.6
  • Introduced through: tomcat@jdk17-temurin-jammy pam/libpam-runtime@1.4.0-11ubuntu2.6
  • Introduced through: tomcat@jdk17-temurin-jammy pam/libpam0g@1.4.0-11ubuntu2.6

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:22.04 pam.

References

Directory Traversal vulnerability report

medium severity

Open Redirect

  • Vulnerable module: wget
  • Introduced through: wget@1.21.2-2ubuntu1.1

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy wget@1.21.2-2ubuntu1.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Ubuntu:22.04 wget.

References

Open Redirect vulnerability report

medium severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Out-of-Bounds vulnerability report

medium severity

Algorithmic Complexity

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.4.7-1ubuntu0.7

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy expat/libexpat1@2.4.7-1ubuntu0.7

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Remediation

There is no fixed version for Ubuntu:22.04 expat.

References

Algorithmic Complexity vulnerability report

medium severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.27-3ubuntu2.5, gnupg2/gnupg@2.2.27-3ubuntu2.5 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/dirmngr@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg-l10n@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg-utils@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-agent@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-wks-client@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-wks-server@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgconf@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgsm@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgv@2.2.27-3ubuntu2.5

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:22.04 gnupg2.

References

Improper Verification of Cryptographic Signature vulnerability report

medium severity

Out-of-Bounds

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Out-of-Bounds vulnerability report

medium severity
new

Improper Privilege Management

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@249.11-0ubuntu3.17 and systemd/libudev1@249.11-0ubuntu3.17
  • Fixed in: 249.11-0ubuntu3.19

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy systemd/libsystemd0@249.11-0ubuntu3.17
  • Introduced through: tomcat@jdk17-temurin-jammy systemd/libudev1@249.11-0ubuntu3.17

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Remediation

Upgrade Ubuntu:22.04 systemd to version 249.11-0ubuntu3.19 or higher.

References

Improper Privilege Management vulnerability report

medium severity

Directory Traversal

  • Vulnerable module: tar
  • Introduced through: tar@1.34+dfsg-1ubuntu0.1.22.04.2

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy tar@1.34+dfsg-1ubuntu0.1.22.04.2

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:22.04 tar.

References

Directory Traversal vulnerability report

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: glibc/libc-bin
  • Introduced through: glibc/libc-bin@2.35-0ubuntu3.13, glibc/libc6@2.35-0ubuntu3.13 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy glibc/libc-bin@2.35-0ubuntu3.13
  • Introduced through: tomcat@jdk17-temurin-jammy glibc/libc6@2.35-0ubuntu3.13
  • Introduced through: tomcat@jdk17-temurin-jammy glibc/locales@2.35-0ubuntu3.13

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Remediation

There is no fixed version for Ubuntu:22.04 glibc.

References

Allocation of Resources Without Limits or Throttling vulnerability report

low severity

Resource Exhaustion

  • Vulnerable module: libzstd/libzstd1
  • Introduced through: libzstd/libzstd1@1.4.8+dfsg-3build1

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy libzstd/libzstd1@1.4.8+dfsg-3build1

NVD Description

Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

Remediation

There is no fixed version for Ubuntu:22.04 libzstd.

References

Resource Exhaustion vulnerability report

low severity

Integer Overflow or Wraparound

  • Vulnerable module: pcre2/libpcre2-8-0
  • Introduced through: pcre2/libpcre2-8-0@10.39-3ubuntu0.1

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy pcre2/libpcre2-8-0@10.39-3ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre2 package and not the pcre2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Remediation

There is no fixed version for Ubuntu:22.04 pcre2.

References

Integer Overflow or Wraparound vulnerability report

low severity

Uncontrolled Recursion

  • Vulnerable module: pcre3/libpcre3
  • Introduced through: pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Remediation

There is no fixed version for Ubuntu:22.04 pcre3.

References

Uncontrolled Recursion vulnerability report

low severity

Improper Input Validation

  • Vulnerable module: coreutils
  • Introduced through: coreutils@8.32-4.1ubuntu1.3

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy coreutils@8.32-4.1ubuntu1.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Remediation

There is no fixed version for Ubuntu:22.04 coreutils.

References

Improper Input Validation vulnerability report

low severity

CVE-2023-50495

  • Vulnerable module: ncurses/libncurses6
  • Introduced through: ncurses/libncurses6@6.3-2ubuntu0.1, ncurses/libncursesw6@6.3-2ubuntu0.1 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy ncurses/libncurses6@6.3-2ubuntu0.1
  • Introduced through: tomcat@jdk17-temurin-jammy ncurses/libncursesw6@6.3-2ubuntu0.1
  • Introduced through: tomcat@jdk17-temurin-jammy ncurses/libtinfo6@6.3-2ubuntu0.1
  • Introduced through: tomcat@jdk17-temurin-jammy ncurses/ncurses-base@6.3-2ubuntu0.1
  • Introduced through: tomcat@jdk17-temurin-jammy ncurses/ncurses-bin@6.3-2ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Remediation

There is no fixed version for Ubuntu:22.04 ncurses.

References

CVE-2023-50495 vulnerability report

low severity

CVE-2023-7008

  • Vulnerable module: systemd/libsystemd0
  • Introduced through: systemd/libsystemd0@249.11-0ubuntu3.17 and systemd/libudev1@249.11-0ubuntu3.17

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy systemd/libsystemd0@249.11-0ubuntu3.17
  • Introduced through: tomcat@jdk17-temurin-jammy systemd/libudev1@249.11-0ubuntu3.17

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Remediation

There is no fixed version for Ubuntu:22.04 systemd.

References

CVE-2023-7008 vulnerability report

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Allocation of Resources Without Limits or Throttling vulnerability report

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Allocation of Resources Without Limits or Throttling vulnerability report

low severity

Improper Input Validation

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Improper Input Validation vulnerability report

low severity

Uncontrolled Recursion

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Uncontrolled Recursion vulnerability report

low severity

Uncontrolled Recursion

  • Vulnerable module: gcc-12/gcc-12-base
  • Introduced through: gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04.3, gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04.3 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04.3
  • Introduced through: tomcat@jdk17-temurin-jammy gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04.3
  • Introduced through: tomcat@jdk17-temurin-jammy gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04.3

NVD Description

Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Remediation

There is no fixed version for Ubuntu:22.04 gcc-12.

References

Uncontrolled Recursion vulnerability report

low severity

Memory Leak

  • Vulnerable module: binutils
  • Introduced through: binutils@2.38-4ubuntu2.12, binutils/binutils-common@2.38-4ubuntu2.12 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy binutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-common@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/binutils-x86-64-linux-gnu@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libbinutils@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf-nobfd0@2.38-4ubuntu2.12
  • Introduced through: tomcat@jdk17-temurin-jammy binutils/libctf0@2.38-4ubuntu2.12

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

Remediation

There is no fixed version for Ubuntu:22.04 binutils.

References

Memory Leak vulnerability report

low severity

Out-of-bounds Write

  • Vulnerable module: gnupg2/dirmngr
  • Introduced through: gnupg2/dirmngr@2.2.27-3ubuntu2.5, gnupg2/gnupg@2.2.27-3ubuntu2.5 and others

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/dirmngr@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg-l10n@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gnupg-utils@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-agent@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-wks-client@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpg-wks-server@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgconf@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgsm@2.2.27-3ubuntu2.5
  • Introduced through: tomcat@jdk17-temurin-jammy gnupg2/gpgv@2.2.27-3ubuntu2.5

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Remediation

There is no fixed version for Ubuntu:22.04 gnupg2.

References

Out-of-bounds Write vulnerability report

low severity

Arbitrary Code Injection

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.8.1-2ubuntu2.2 and shadow/passwd@1:4.8.1-2ubuntu2.2

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy shadow/login@1:4.8.1-2ubuntu2.2
  • Introduced through: tomcat@jdk17-temurin-jammy shadow/passwd@1:4.8.1-2ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Remediation

There is no fixed version for Ubuntu:22.04 shadow.

References

Arbitrary Code Injection vulnerability report

low severity

Covert Timing Channel

  • Vulnerable module: libgcrypt20
  • Introduced through: libgcrypt20@1.9.4-3ubuntu3

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy libgcrypt20@1.9.4-3ubuntu3

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Remediation

There is no fixed version for Ubuntu:22.04 libgcrypt20.

References

Covert Timing Channel vulnerability report

low severity

CVE-2024-56433

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.8.1-2ubuntu2.2 and shadow/passwd@1:4.8.1-2ubuntu2.2

Detailed paths

  • Introduced through: tomcat@jdk17-temurin-jammy shadow/login@1:4.8.1-2ubuntu2.2
  • Introduced through: tomcat@jdk17-temurin-jammy shadow/passwd@1:4.8.1-2ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Remediation

There is no fixed version for Ubuntu:22.04 shadow.

References

CVE-2024-56433 vulnerability report