diff --git a/go.mod b/go.mod
index f4fe629d2c..3625d8e99d 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/aquasecurity/fanal v0.0.0-20191015084852-e80236018d26
 	github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b
+	github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2
 	github.com/briandowns/spinner v0.0.0-20190319032542-ac46072a5a91
 	github.com/caarlos0/env/v6 v6.0.0
 	github.com/emirpasic/gods v1.12.0 // indirect
@@ -16,11 +17,10 @@ require (
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
 	github.com/knqyf263/go-version v1.1.1
-	github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348
-	github.com/mattn/go-colorable v0.1.1 // indirect
+	github.com/kylelemons/godebug v1.1.0
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a
-	github.com/stretchr/testify v1.3.0
+	github.com/stretchr/testify v1.4.0
 	github.com/urfave/cli v1.20.0
 	github.com/xanzy/ssh-agent v0.2.1 // indirect
 	go.etcd.io/bbolt v1.3.2 // indirect
@@ -28,12 +28,14 @@ require (
 	go.uber.org/multierr v1.1.0 // indirect
 	go.uber.org/zap v1.9.1
 	golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5
-	golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
+	golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582 // indirect
+	golang.org/x/sys v0.0.0-20191020152052-9984515f0562 // indirect
+	golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898
 	gopkg.in/cheggaaa/pb.v1 v1.0.28
 	gopkg.in/src-d/go-billy.v4 v4.3.0 // indirect
 	gopkg.in/src-d/go-git-fixtures.v3 v3.4.0 // indirect
 	gopkg.in/src-d/go-git.v4 v4.10.0
-	gopkg.in/yaml.v2 v2.2.2
+	gopkg.in/yaml.v2 v2.2.4
 )
 
 replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00
diff --git a/go.sum b/go.sum
index 2090bf5b91..fd2ddaea72 100644
--- a/go.sum
+++ b/go.sum
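Review bot: The new `require` line in the first hunk makes `github.com/aquasecurity/vuln-list-update` — an updater tool, not a library — a direct dependency of the scanner binary, and the go.sum hunks further down show what arrives with it (`elazarl/goproxy`, `parnurzeal/gorequest`, `gopkg.in/mgo.v2`, `araddon/dateparse`), none of which a scanner obviously needs at runtime. Which of those modules are actually reachable from the package trivy imports is not visible in this diff; if only a small parser or advisory type is needed, copying that package or splitting it into a small shared module would keep the supply-chain surface (and the code that has to be vetted and updated) much smaller than pulling in the whole tool. At minimum the line deserves a comment recording the intent, e.g. `// TODO(review): document which package of vuln-list-update is imported and why the whole module is required`. The other two hunks in this file are plain version bumps and need nothing further.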
@@ -22,12 +22,14 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/aquasecurity/fanal v0.0.0-20190930214148-1d3b788f4003 h1:jKLG8daiXJ/QcAJ3cq4cGkrvPpafzEzlbiKQPkkhaa4= -github.com/aquasecurity/fanal v0.0.0-20190930214148-1d3b788f4003/go.mod h1:dD1Ny21eY5FSDyERfUIMwdgYhg6Lnw611VOwDHmTSoQ= github.com/aquasecurity/fanal v0.0.0-20191015084852-e80236018d26 h1:HvyiDHbYDm094Oo59MWIWtZ3Lt2Uu6nQ06IsG2jvIrg= github.com/aquasecurity/fanal v0.0.0-20191015084852-e80236018d26/go.mod h1:dD1Ny21eY5FSDyERfUIMwdgYhg6Lnw611VOwDHmTSoQ= github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b h1:55Ulc/gvfWm4ylhVaR7MxOwujRjA6et7KhmUbSgUFf4= github.com/aquasecurity/go-dep-parser v0.0.0-20190819075924-ea223f0ef24b/go.mod h1:BpNTD9vHfrejKsED9rx04ldM1WIbeyXGYxUrqTVwxVQ= +github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2 h1:xbdUfr2KE4THsFx9CFWtWpU91lF+YhgP46moV94nYTA= +github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2/go.mod h1:6NhOP0CjZJL27bZZcaHECtzWdwDDm2g6yCY0QgXEGQQ= +github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 h1:ukTLOeMC0aVxbJWVg6hOsVJ0VPIo8w++PbNsze/pqF8= +github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI= github.com/aws/aws-sdk-go v1.19.11 h1:tqaTGER6Byw3QvsjGW0p018U2UOqaJPeJuzoaF7jjoQ= github.com/aws/aws-sdk-go v1.19.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= 
@@ -70,6 +72,10 @@ github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNE github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f h1:8GDPb0tCY8LQ+OJ3dbHb5sA6YZWXFORQYZx5sdsTlMs= +github.com/elazarl/goproxy v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f h1:AUj1VoZUfhPhOPHULCQQDnGhRelpFWHMLhQVWDsS0v4= +github.com/elazarl/goproxy/ext v0.0.0-20190421051319-9d40249d3c2f/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8= github.com/emirpasic/gods v1.9.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= 
@@ -110,12 +116,16 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.1 h1:Dw4jY2nghMMRsh1ol8dv1axHkDwMQK2DHerMNJsIpJU= github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= 
@@ -124,6 +134,8 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e h1:RgQk53JHp/Cjunrr1WlsXSZpqXn+uREuHvUVcK82CV8= github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= 
@@ -151,10 +163,14 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.1.1 h1:G1f5SKeVxmagw/IyvzvtZE4Gybcc4Tr1tf7I8z0XgOg= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-isatty v0.0.5 h1:tHXDdz1cpzGaovsTB+TVB8q90WEokoVmfMqoVcrLUgw= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed h1:fCWISZq4YN4ulCJx7x0KB15rqxLEe3mtNJL8cSOGKZU= +github.com/mattn/go-jsonpointer v0.0.0-20180225143300-37667080efed/go.mod h1:SDJ4hurDYyQ9/7nc+eCYtXqdufgK4Cq9TJlwPklqEYA= github.com/mattn/go-runewidth v0.0.4 h1:2BvfKmzob6Bmd4YsL0zygOqfdFnK7GR4QL06Do4/p7Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= 
@@ -178,6 +194,8 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ= +github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/peterhellberg/link v1.0.0 h1:mUWkiegowUXEcmlb+ybF75Q/8D2Y0BjZtR8cxoKhaQo= 
@@ -210,21 +228,30 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzr github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shurcooL/httpfs v0.0.0-20181222201310-74dc9339e414/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= +github.com/simplereach/timeutils v1.2.0/go.mod h1:VVbQDfN/FHRZa1LSqcwo4kNZ62OOyqLLGQKYB3pB0Q8= github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs= +github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4= github.com/src-d/gcfg v1.4.0/go.mod 
h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00 h1:0e4vRd9YqnQBIAIAE39jLKDWffRfJWxloyWwcaMAQho= github.com/tomoyamachi/reg v0.16.1-0.20190706172545-2a2250fd7c00/go.mod h1:RQE7h2jyIxekQZ24/wad0c9RGP+KSq4XzHh7h83ALi8= github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw= @@ -261,6 +288,8 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582 h1:p9xBe/w/OzkeYVKm234g55gMdD1nSIooTir5kV11kfA= +golang.org/x/net v0.0.0-20191014212845-da9a3fd4c582/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421 h1:Wo7BWFiOk0QRFMLYMqJGFMd9CgUAcGx7V+qEg/h5IBI= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -280,8 +309,11 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e h1:bq5BY1tGuaK8HxuwN6pT6kWgTVLeJ5KwuyBpsl1CZL4= golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191020152052-9984515f0562 h1:wOweSabW7qssfcg63CEDHHA4zyoqRlGU6eYV7IUMCq0= +golang.org/x/sys v0.0.0-20191020152052-9984515f0562/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 h1:z99zHgr7hKfrUcX/KsoJk5FJfjTceCKIp96+biqP4To= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -298,11 +330,14 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190503185657-3b6f9c0030f7/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373 h1:PPwnA7z1Pjf7XYaBP9GL1VAMZmcIWyFz7QCMSIIa3Bg= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= 
@@ -325,6 +360,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/cheggaaa/pb.v1 v1.0.28 h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= gopkg.in/src-d/go-billy.v4 v4.2.1/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek= gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= @@ -339,8 +375,12 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8= +moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE= diff --git a/integration/tar_input_test.go b/integration/tar_input_test.go index c2599b2aba..644cd52e01 100644 
--- a/integration/tar_input_test.go +++ b/integration/tar_input_test.go @@ -279,6 +279,26 @@ func TestRun_WithTar(t *testing.T) { }, golden: "testdata/distroless-python27.json.golden", }, + { + name: "amazon 1 integration", + testArgs: args{ + Version: "dev", + SkipUpdate: true, + Format: "json", + Input: "testdata/fixtures/amazon-1.tar.gz", + }, + golden: "testdata/amazon-1.json.golden", + }, + { + name: "amazon 2 integration", + testArgs: args{ + Version: "dev", + SkipUpdate: true, + Format: "json", + Input: "testdata/fixtures/amazon-2.tar.gz", + }, + golden: "testdata/amazon-2.json.golden", + }, } for _, c := range cases { diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden new file mode 100644 index 0000000000..a5f7082b4b --- /dev/null +++ b/integration/testdata/amazon-1.json.golden 
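Review bot: The two added cases pin golden output whose titles, descriptions, severities and fixed versions come from the vulnerability DB, yet they run with `SkipUpdate: true`, so the result depends on whatever DB is already on disk; how that DB is provisioned is not visible in this hunk, and unless it is a checked-in snapshot the goldens will drift as advisories are edited upstream. The fixture tarballs `testdata/fixtures/amazon-1.tar.gz` and `amazon-2.tar.gz` are likewise not shown in this diff, and nothing records which image they were exported from, which makes regenerating the goldens after a DB or fanal change guesswork. I would add a comment above the new cases such as `// TODO(review): record the source image digests behind the amazon-1/amazon-2 fixtures and the vuln-DB snapshot the goldens were generated from`. The enclosing `TestRun_WithTar` starts and ends outside the hunk.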
@@ -0,0 +1,130 @@ +[ + { + "Target": "testdata/fixtures/amazon-1.tar.gz (amazon AMI release 2018.03)", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "curl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "curl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5481", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-11.91.amzn1", + 
"FixedVersion": "7.61.1-12.93.amzn1", + "Title": "curl: double free due to subsequent call of realloc()", + "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5481.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5482", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-11.91.amzn1", + "FixedVersion": "7.61.1-12.93.amzn1", + "Title": "curl: heap buffer overflow in function tftp_receive_packet()", + "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", + "Severity": "HIGH", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", + "https://curl.haxx.se/docs/CVE-2019-5482.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9511", + "PkgName": "libnghttp2", + "InstalledVersion": "1.21.1-1.4.amzn1", + "FixedVersion": "1.31.1-2.5.amzn1", + "Title": "HTTP/2: large amount of data requests leads to denial of service", + "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, 
potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ] + }, + { + "VulnerabilityID": "CVE-2019-9513", + "PkgName": "libnghttp2", + "InstalledVersion": "1.21.1-1.4.amzn1", + "FixedVersion": "1.31.1-2.5.amzn1", + "Title": "HTTP/2: flood using PRIORITY frames 
results in excessive resource consumption", + "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ] + } + ] + } +] \ No newline at end of file 
diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden new file mode 100644 index 0000000000..b7c14ca005 --- /dev/null +++ b/integration/testdata/amazon-2.json.golden 
@@ -0,0 +1,952 @@ +[ + { + "Target": "testdata/fixtures/amazon-2.tar.gz (amazon 2 (Karoo))", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2019-5435", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Title": "curl: Integer overflows in curl_url_set() function", + "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", + "Severity": "MEDIUM", + "References": [ + "https://curl.haxx.se/docs/CVE-2019-5435.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "curl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-12450", + "PkgName": "glib2", + "InstalledVersion": "2.54.2-2.amzn2", + "FixedVersion": "2.56.1-4.amzn2", + "Title": "glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy 
operation is in progress", + "Description": "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12450", + "https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00013.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4WIOAGO3M743M5KZLVQZM3NGHQDYLI/", + "https://security.netapp.com/advisory/ntap-20190606-0003/", + "https://usn.ubuntu.com/4014-1/", + "https://usn.ubuntu.com/4014-2/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5435", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Title": "curl: Integer overflows in curl_url_set() function", + "Description": "An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.", + "Severity": "MEDIUM", + "References": [ + "https://curl.haxx.se/docs/CVE-2019-5435.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5436", + "PkgName": "libcurl", + "InstalledVersion": "7.61.1-9.amzn2.0.1", + "FixedVersion": "7.61.1-11.amzn2.0.2", + "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", + "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", + "Severity": "MEDIUM", + "References": [ + 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", + "https://curl.haxx.se/docs/CVE-2019-5436.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", + "https://security.netapp.com/advisory/ntap-20190606-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9511", + "PkgName": "libnghttp2", + "InstalledVersion": "1.31.1-1.amzn2.0.2", + "FixedVersion": "1.39.2-1.amzn2", + "Title": "HTTP/2: large amount of data requests leads to denial of service", + "Description": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ] + }, + { + "VulnerabilityID": "CVE-2019-9513", + "PkgName": "libnghttp2", + "InstalledVersion": "1.31.1-1.amzn2.0.2", + "FixedVersion": "1.39.2-1.amzn2", + "Title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", + "Description": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. 
The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", + "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", + "https://kb.cert.org/vuls/id/605641/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/", + "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", + "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", + "https://seclists.org/bugtraq/2019/Aug/40", + "https://security.netapp.com/advisory/ntap-20190823-0002/", + "https://security.netapp.com/advisory/ntap-20190823-0005/", + "https://support.f5.com/csp/article/K02591030", + "https://usn.ubuntu.com/4099-1/", + "https://www.debian.org/security/2019/dsa-4505", + "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", + "https://www.synology.com/security/advisory/Synology_SA_19_33" + ] + }, + { + "VulnerabilityID": "CVE-2019-3858", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.1", + "Title": "libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read", + "Description": "An out of 
bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3858", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3858.html" + ] + }, + { + "VulnerabilityID": "CVE-2019-3861", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.1", + "Title": "libssh2: Out-of-bounds reads with specially crafted SSH packets", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3861.html" + ] + }, + { + "VulnerabilityID": "CVE-2019-3862", + "PkgName": "libssh2", + "InstalledVersion": "1.4.3-12.amzn2.2", + "FixedVersion": "1.4.3-12.amzn2.2.2", + "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request", + "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", + "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", + "http://www.openwall.com/lists/oss-security/2019/03/18/3", + "http://www.securityfocus.com/bid/107485", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862", + "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/", + "https://seclists.org/bugtraq/2019/Apr/25", + "https://seclists.org/bugtraq/2019/Mar/25", + "https://security.netapp.com/advisory/ntap-20190327-0005/", + "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "https://www.debian.org/security/2019/dsa-4431", + "https://www.libssh2.org/CVE-2019-3862.html" + ] + }, + { + "VulnerabilityID": "CVE-2016-4658", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.amzn2.3.2", + "FixedVersion": "2.9.1-6.amzn2.3.3", + "Title": "libxml2: Use after free via namespace node in XPointer ranges", + "Description": "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.", + "Severity": "CRITICAL", + 
"References": [ + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", + "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", + "http://www.securityfocus.com/bid/93054", + "http://www.securitytracker.com/id/1036858", + "http://www.securitytracker.com/id/1038623", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", + "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", + "https://security.gentoo.org/glsa/201701-37", + "https://support.apple.com/HT207141", + "https://support.apple.com/HT207142", + "https://support.apple.com/HT207143", + "https://support.apple.com/HT207170" + ] + }, + { + "VulnerabilityID": "CVE-2017-16931", + "PkgName": "libxml2", + "InstalledVersion": "2.9.1-6.amzn2.3.2", + "FixedVersion": "2.9.1-6.amzn2.3.3", + "Title": "libxml2: Mishandling parameter-entity references", + "Description": "parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", + "Severity": "HIGH", + "References": [ + "http://xmlsoft.org/news.html", + "https://bugzilla.gnome.org/show_bug.cgi?id=766956", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", + "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", + "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" + ] + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-base", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-10684", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c", + "Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. 
A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-10685", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function", + "Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.", + "Severity": "HIGH", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464692", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11112", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Illegal address access in append_acs function", + "Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. 
It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464686", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2017-11113", + "PkgName": "ncurses-libs", + "InstalledVersion": "6.0-8.20170212.amzn2.1.2", + "FixedVersion": "6.0-8.20170212.amzn2.1.3", + "Title": "ncurses: Null pointer dereference vulnerability in _nc_parse_entry function", + "Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.", + "Severity": "MEDIUM", + "References": [ + "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113", + "https://security.gentoo.org/glsa/201804-13" + ] + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404" + ] + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "LOW", + "References": [ + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + 
"https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ] + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404" + ] + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-sysinit", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "LOW", + "References": [ + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + "https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ] + }, + { + "VulnerabilityID": "CVE-2018-12404", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "nss: Cache side-channel variant of the Bleichenbacher attack", + "Description": "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html", + "http://www.securityfocus.com/bid/107260", + "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404" + ] + }, + { + "VulnerabilityID": "CVE-2018-0495", + "PkgName": "nss-tools", + "InstalledVersion": "3.36.0-7.amzn2", + "FixedVersion": "3.44.0-4.amzn2.0.2", + "Title": "ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries", + "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", + "Severity": "LOW", + "References": [ + "http://www.securitytracker.com/id/1041144", + "http://www.securitytracker.com/id/1041147", + "https://access.redhat.com/errata/RHSA-2018:3221", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1296", + "https://access.redhat.com/errata/RHSA-2019:1297", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495", + "https://dev.gnupg.org/T4011", + "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965", + "https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html", + "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html", + "https://usn.ubuntu.com/3689-1/", + "https://usn.ubuntu.com/3689-2/", + "https://usn.ubuntu.com/3692-1/", + "https://usn.ubuntu.com/3692-2/", + 
"https://usn.ubuntu.com/3850-1/", + "https://usn.ubuntu.com/3850-2/", + "https://www.debian.org/security/2018/dsa-4231", + "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + ] + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" + ] + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. 
An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "References": [ + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ] + }, + { + "VulnerabilityID": "CVE-2018-1061", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic 
backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "References": [ + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ] + }, + { + "VulnerabilityID": "CVE-2018-20406", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", + "Description": "Modules/_pickle.c in Python before 
3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", + "Severity": "MEDIUM", + "References": [ + "https://bugs.python.org/issue34656", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", + "https://security.netapp.com/advisory/ntap-20190416-0010/" + ] + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-2.amzn2.0.1", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which 
still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "MEDIUM", + "References": [ + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-3.amzn2.0.1", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-5010", + "PkgName": "python-libs", + "InstalledVersion": 
"2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: NULL pointer dereference using a specially crafted X509 certificate", + "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", + "Severity": "HIGH", + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" + ] + }, + { + "VulnerabilityID": "CVE-2018-1060", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. 
An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "References": [ + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ] + }, + { + "VulnerabilityID": "CVE-2018-1061", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib", + "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic 
backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", + "Severity": "MEDIUM", + "References": [ + "http://www.securitytracker.com/id/1042001", + "https://access.redhat.com/errata/RHBA-2019:0327", + "https://access.redhat.com/errata/RHSA-2018:3041", + "https://access.redhat.com/errata/RHSA-2018:3505", + "https://access.redhat.com/errata/RHSA-2019:1260", + "https://bugs.python.org/issue32981", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", + "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", + "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us", + "https://usn.ubuntu.com/3817-1/", + "https://usn.ubuntu.com/3817-2/", + "https://www.debian.org/security/2018/dsa-4306", + "https://www.debian.org/security/2018/dsa-4307" + ] + }, + { + "VulnerabilityID": "CVE-2018-20406", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data", + "Description": "Modules/_pickle.c in Python 
before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", + "Severity": "MEDIUM", + "References": [ + "https://bugs.python.org/issue34656", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406", + "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd", + "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/pickle-load-dos.html", + "https://security.netapp.com/advisory/ntap-20190416-0010/" + ] + }, + { + "VulnerabilityID": "CVE-2019-10160", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-2.amzn2.0.1", + "Title": "python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc", + "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through 
v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", + "Severity": "MEDIUM", + "References": [ + "https://access.redhat.com/errata/RHSA-2019:1587", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", + "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", + "https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e", + "https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de", + "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html", + "https://security.netapp.com/advisory/ntap-20190617-0003/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9636", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-1.amzn2.0.1", + "Title": "python: Information Disclosure due to urlsplit improper NFKC normalization", + "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107400", + "https://access.redhat.com/errata/RHBA-2019:0959", + "https://access.redhat.com/errata/RHSA-2019:0710", + "https://access.redhat.com/errata/RHSA-2019:0765", + "https://access.redhat.com/errata/RHSA-2019:0806", + "https://access.redhat.com/errata/RHSA-2019:0902", + "https://access.redhat.com/errata/RHSA-2019:0981", + "https://access.redhat.com/errata/RHSA-2019:0997", + "https://access.redhat.com/errata/RHSA-2019:1467", + "https://bugs.python.org/issue36216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", + "https://github.com/python/cpython/pull/12201", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/", + "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html", + "https://security.netapp.com/advisory/ntap-20190517-0001/" + ] + }, + { + "VulnerabilityID": "CVE-2019-9948", + "PkgName": "python-libs", + "InstalledVersion": "2.7.14-58.amzn2.0.4", + "FixedVersion": "2.7.16-3.amzn2.0.1", + "Title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms", + "Description": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.", + "Severity": "MEDIUM", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html", + "http://www.securityfocus.com/bid/107549", + "https://bugs.python.org/issue35907", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", + "https://github.com/python/cpython/pull/11842", + "https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html", + "https://security.netapp.com/advisory/ntap-20190404-0004/" + ] + }, + { + "VulnerabilityID": "CVE-2019-12735", + "PkgName": "vim-minimal", + "InstalledVersion": 
"2:7.4.160-4.amzn2.0.16", + "FixedVersion": "2:8.1.1602-1.amzn2", + "Title": "vim/neovim: ':source!' command allows arbitrary command execution via modelines", + "Description": "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.", + "Severity": "CRITICAL", + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html", + "http://www.securityfocus.com/bid/108724", + "https://bugs.debian.org/930020", + "https://bugs.debian.org/930024", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735", + "https://github.com/neovim/neovim/pull/10082", + "https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md", + "https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/", + "https://usn.ubuntu.com/4016-1/", + "https://usn.ubuntu.com/4016-2/", + "https://www.debian.org/security/2019/dsa-4467" + ] + } + ] + } +] \ No newline at end of file diff --git a/integration/testdata/centos-6.json.golden b/integration/testdata/centos-6.json.golden index ee74078da0..69d5380f3d 100644 --- a/integration/testdata/centos-6.json.golden +++ b/integration/testdata/centos-6.json.golden 
@@ -310,8 +310,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.", "Severity": "HIGH", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5743\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743" ] }, { 
@@ -346,7 +346,6 @@ "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5741\n ", "http://www.securityfocus.com/bid/105379", "http://www.securitytracker.com/id/1041674", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", @@ -364,8 +363,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nAn assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5745\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745" ] }, { 
@@ -387,8 +386,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nIt was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL.", "Severity": "LOW", "References": [ - "\nhttps://kb.isc.org/docs/cve-2019-6465\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", + "https://kb.isc.org/docs/cve-2019-6465" ] }, { @@ -424,8 +423,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.", "Severity": "HIGH", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5743\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743" ] }, { 
@@ -460,7 +459,6 @@ "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5741\n ", "http://www.securityfocus.com/bid/105379", "http://www.securitytracker.com/id/1041674", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", @@ -478,8 +476,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nAn assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5745\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745" ] }, { 
@@ -501,8 +499,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nIt was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL.",
 "Severity": "LOW",
 "References": [
- "\nhttps://kb.isc.org/docs/cve-2019-6465\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465",
+ "https://kb.isc.org/docs/cve-2019-6465"
 ]
 },
 {
@@ -832,7 +830,6 @@
 "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90103",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
@@ -849,7 +846,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
@@ -865,7 +861,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
@@ -881,7 +876,6 @@
 "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90017",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
@@ -897,7 +891,6 @@
 "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90019",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
@@ -913,7 +906,6 @@
 "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90016",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
@@ -930,7 +922,6 @@
 "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
@@ -947,7 +938,6 @@
 "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
@@ -3275,7 +3265,6 @@
 "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
 "Severity": "CRITICAL",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ",
 "http://www.securitytracker.com/id/1041605",
 "https://access.redhat.com/errata/RHSA-2018:3558",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618",
@@ -3298,7 +3287,6 @@
 "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160914.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/92975",
 "http://www.securitytracker.com/id/1036813",
@@ -3324,7 +3312,6 @@
 "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94098",
 "http://www.securitytracker.com/id/1037192",
@@ -3346,7 +3333,6 @@
 "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94100",
 "http://www.securitytracker.com/id/1037192",
@@ -3369,7 +3355,6 @@
 "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/103414",
@@ -3396,7 +3381,6 @@
 "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ",
 "http://curl.haxx.se/docs/adv_20150429.html",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
 "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
@@ -3453,7 +3437,6 @@
 "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160803A.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
@@ -3485,7 +3468,6 @@
 "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160803B.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
@@ -3516,7 +3498,6 @@
 "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160907.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
@@ -3541,7 +3522,6 @@
 "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94096",
 "http://www.securitytracker.com/id/1037192",
@@ -3564,7 +3544,6 @@
 "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94094",
 "http://www.securitytracker.com/id/1037192",
@@ -3587,7 +3566,6 @@
 "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94097",
 "http://www.securitytracker.com/id/1037192",
@@ -3610,7 +3588,6 @@
 "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94101",
 "http://www.securitytracker.com/id/1037192",
@@ -3633,7 +3610,6 @@
 "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94106",
 "http://www.securitytracker.com/id/1037192",
@@ -3656,7 +3632,6 @@
 "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94103",
 "http://www.securitytracker.com/id/1037192",
@@ -3678,7 +3653,6 @@
 "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ",
 "http://www.securityfocus.com/bid/94107",
 "http://www.securitytracker.com/id/1037192",
 "https://access.redhat.com/errata/RHSA-2018:2486",
@@ -3700,7 +3674,6 @@
 "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/95019",
 "http://www.securitytracker.com/id/1037515",
@@ -3722,7 +3695,6 @@
 "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/100286",
 "http://www.securitytracker.com/id/1039118",
@@ -3742,7 +3714,6 @@
 "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/101115",
 "http://www.securitytracker.com/id/1039509",
@@ -3764,7 +3735,6 @@
 "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ",
 "http://www.securitytracker.com/id/1042014",
 "https://access.redhat.com/errata/RHSA-2019:2181",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
@@ -3804,9 +3774,9 @@
 "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
 "Severity": "LOW",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "https://access.redhat.com/errata/RHSA-2018:3558",
+ "https://curl.haxx.se/docs/adv_20170403.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407",
 "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13",
 "https://security.gentoo.org/glsa/201709-14"
@@ -4025,7 +3995,6 @@
 "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2\n ",
 "http://www.openwall.com/lists/oss-security/2019/06/11/2",
 "http://www.securityfocus.com/bid/108751",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749",
@@ -4329,7 +4298,6 @@
 "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
 "Severity": "HIGH",
 "References": [
- "\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-54.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html",
@@ -4383,13 +4351,13 @@
 "Description": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063\n ",
 "http://www.securityfocus.com/bid/94337",
 "http://www.securitytracker.com/id/1037298",
 "http://www.securitytracker.com/id/1039427",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063",
 "https://www.debian.org/security/2017/dsa-3898",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/"
 ]
 },
@@ -4811,7 +4779,6 @@
 "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
@@ -4828,7 +4795,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -4844,7 +4810,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -4974,7 +4939,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -5584,7 +5548,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -6167,7 +6130,7 @@
 "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ",
+ "https://access.redhat.com/articles/4264021",
 "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
 "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
 "https://twitter.com/lambdafu/status/1147162583969009664"
@@ -6228,7 +6191,6 @@
 "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77\n ",
 "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77",
 "http://seclists.org/oss-sec/2014/q3/266",
 "http://www.debian.org/security/2014/dsa-3005",
@@ -6265,7 +6227,6 @@
 "Description": "The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.",
 "Severity": "HIGH",
 "References": [
- "\nhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt\n ",
 "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-006.txt",
 "http://www.kb.cert.org/vuls/id/659251",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151",
@@ -6552,7 +6513,6 @@
 "Description": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.",
 "Severity": "CRITICAL",
 "References": [
- "\nhttps://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html\n ",
 "http://advisories.mageia.org/MGASA-2015-0139.html",
 "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html",
 "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html",
@@ -6739,7 +6699,6 @@
 "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.ocert.org/advisories/ocert-2015-002.html\n ",
 "http://advisories.mageia.org/MGASA-2015-0061.html",
 "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4",
 "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html",
@@ -6794,7 +6753,6 @@
 "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
 "Severity": "CRITICAL",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ",
 "http://www.securitytracker.com/id/1041605",
 "https://access.redhat.com/errata/RHSA-2018:3558",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618",
@@ -6817,7 +6775,6 @@
 "Description": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160914.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/92975",
 "http://www.securitytracker.com/id/1036813",
@@ -6843,7 +6800,6 @@
 "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94098",
 "http://www.securitytracker.com/id/1037192",
@@ -6865,7 +6821,6 @@
 "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94100",
 "http://www.securitytracker.com/id/1037192",
@@ -6888,7 +6843,6 @@
 "Description": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/103414",
@@ -6915,7 +6869,6 @@
 "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ",
 "http://curl.haxx.se/docs/adv_20150429.html",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
 "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
@@ -6972,7 +6925,6 @@
 "Description": "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160803A.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
@@ -7004,7 +6956,6 @@
 "Description": "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160803B.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
@@ -7035,7 +6986,6 @@
 "Description": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20160907.html\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2575.html",
 "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
@@ -7060,7 +7010,6 @@ "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94096", "http://www.securitytracker.com/id/1037192", @@ -7083,7 +7032,6 @@ "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94094", "http://www.securitytracker.com/id/1037192", @@ -7106,7 +7054,6 @@ "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94097", "http://www.securitytracker.com/id/1037192", 
@@ -7129,7 +7076,6 @@ "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94101", "http://www.securitytracker.com/id/1037192", @@ -7152,7 +7098,6 @@ "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94106", "http://www.securitytracker.com/id/1037192", @@ -7175,7 +7120,6 @@ "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94103", "http://www.securitytracker.com/id/1037192", 
@@ -7197,7 +7141,6 @@ "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ", "http://www.securityfocus.com/bid/94107", "http://www.securitytracker.com/id/1037192", "https://access.redhat.com/errata/RHSA-2018:2486", @@ -7219,7 +7162,6 @@ "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/95019", "http://www.securitytracker.com/id/1037515", 
@@ -7241,7 +7183,6 @@ "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/100286", "http://www.securitytracker.com/id/1039118", 
@@ -7261,7 +7202,6 @@ "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/101115", "http://www.securitytracker.com/id/1039509", 
@@ -7283,7 +7223,6 @@ "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ", "http://www.securitytracker.com/id/1042014", "https://access.redhat.com/errata/RHSA-2019:2181", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", @@ -7323,9 +7262,9 @@ "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", "Severity": "LOW", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", "https://security.gentoo.org/glsa/201709-14" @@ -7374,7 +7313,6 @@ "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ", "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", "http://www.securitytracker.com/id/1034375", 
@@ -7391,7 +7329,6 @@ "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90103", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", @@ -7408,7 +7345,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", @@ -7424,7 +7360,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", @@ -7440,7 +7375,6 @@ "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90017", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", 
@@ -7456,7 +7390,6 @@ "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90019", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", @@ -7472,7 +7405,6 @@ "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90016", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", @@ -7489,7 +7421,6 @@ "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", 
@@ -7506,7 +7437,6 @@ "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", @@ -7579,7 +7509,6 @@ "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.", "Severity": "MEDIUM", "References": [ - "\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html\nhttps://eprint.iacr.org/2017/627\n ", "http://www.securityfocus.com/bid/99338", "http://www.securitytracker.com/id/1038915", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", 
@@ -7604,11 +7533,11 @@ "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", "Severity": "MEDIUM", "References": [ - "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", "https://dev.gnupg.org/T4541", "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762" + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" ] }, { @@ -7778,7 +7707,6 @@ "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "CRITICAL", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3855.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", 
@@ -7808,7 +7736,6 @@ "Description": "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.", "Severity": "MEDIUM", "References": [ - "\nhttp://www.libssh2.org/adv_20150311.html\n ", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html", @@ -7828,7 +7755,6 @@ "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3856.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", @@ -7852,7 +7778,6 @@ "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3857.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", 
@@ -7876,7 +7801,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3858.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", @@ -7904,7 +7828,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3859.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html", @@ -7936,7 +7859,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3860.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860", 
@@ -7958,7 +7880,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3861.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", @@ -7980,7 +7901,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3862.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", @@ -8008,7 +7928,6 @@ "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3863.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", 
@@ -8066,7 +7985,6 @@ "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ", "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html", "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html", "http://www.securitytracker.com/id/1034375", @@ -8083,7 +8001,6 @@ "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90103", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", @@ -8100,7 +8017,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", 
@@ -8116,7 +8032,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", @@ -8132,7 +8047,6 @@ "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90017", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", @@ -8148,7 +8062,6 @@ "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90019", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", 
@@ -8164,7 +8077,6 @@ "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90016", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", @@ -8181,7 +8093,6 @@ "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", @@ -8198,7 +8109,6 @@ "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", 
@@ -8745,7 +8655,6 @@ "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", "Severity": "MEDIUM", "References": [ - "\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n ", "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", @@ -8765,6 +8674,7 @@ "https://codereview.chromium.org/2127493002", "https://crbug.com/623378", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", + "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", "https://security.gentoo.org/glsa/201610-09", "https://security.gentoo.org/glsa/201701-37", "https://source.android.com/security/bulletin/2017-05-01", @@ -9554,12 +9464,12 @@ "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.", "Severity": "HIGH", "References": [ - "\nhttps://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw\n ", "http://www.securityfocus.com/bid/92385", "http://www.securitytracker.com/id/1036590", "http://www.ubuntu.com/usn/USN-3023-1", "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951", + "https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw", "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ", "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2" ] 
@@ -9712,7 +9622,9 @@ "Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.", "Severity": "MEDIUM", "References": [ - "\nhttps://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/\nhttp://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-20.html\n " + "http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html", + "http://www.mozilla.org/security/announce/2013/mfsa2013-20.html", + "https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/" ] }, { @@ -10003,7 +9915,6 @@ "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", "Severity": "MEDIUM", "References": [ - "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ", "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", 
@@ -10056,6 +9967,7 @@ "http://www.debian.org/security/2015/dsa-3316", "http://www.debian.org/security/2015/dsa-3339", "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", @@ -10116,7 +10028,6 @@ "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", "Severity": "MEDIUM", "References": [ - "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2017-0336.html", @@ -10139,6 +10050,7 @@ "http://www.splunk.com/view/SP-CAAAPSV", "http://www.splunk.com/view/SP-CAAAPUE", "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", "https://access.redhat.com/errata/RHSA-2017:1216", "https://access.redhat.com/errata/RHSA-2017:2708", "https://access.redhat.com/errata/RHSA-2017:2709", 
@@ -10198,7 +10110,6 @@ "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ", "http://www.securityfocus.com/bid/94341", "http://www.securitytracker.com/id/1037298", "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334", @@ -10206,6 +10117,7 @@ "https://security.gentoo.org/glsa/201701-15", "https://security.gentoo.org/glsa/201701-46", "https://www.debian.org/security/2016/dsa-3730", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074", "https://www.mozilla.org/security/advisories/mfsa2016-89/", "https://www.mozilla.org/security/advisories/mfsa2016-90/", "https://www.mozilla.org/security/advisories/mfsa2016-93/" @@ -10234,9 +10146,10 @@ "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.", "Severity": "MEDIUM", "References": [ - "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes\n ", "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes", + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes" ] }, { 
@@ -10263,8 +10176,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -10276,7 +10189,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -10308,7 +10220,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -10321,6 +10232,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -10375,10 +10287,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -10391,7 +10303,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -10404,6 +10315,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -10458,10 +10370,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -10613,7 +10525,9 @@
 "Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/\nhttp://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-20.html\n "
+ "http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html",
+ "http://www.mozilla.org/security/announce/2013/mfsa2013-20.html",
+ "https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/"
 ]
 },
 {
@@ -10904,7 +10818,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -10957,6 +10870,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -11017,7 +10931,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -11040,6 +10953,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -11099,7 +11013,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -11107,6 +11020,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -11135,9 +11049,10 @@
 "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes\n ",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes"
 ]
 },
 {
@@ -11164,8 +11079,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -11177,7 +11092,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -11348,7 +11262,9 @@
 "Description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/\nhttp://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-20.html\n "
+ "http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html",
+ "http://www.mozilla.org/security/announce/2013/mfsa2013-20.html",
+ "https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/"
 ]
 },
 {
@@ -11639,7 +11555,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -11692,6 +11607,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -11752,7 +11668,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -11775,6 +11690,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -11834,7 +11750,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -11842,6 +11757,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -11870,9 +11786,10 @@
 "Description": "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes\n ",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes"
 ]
 },
 {
@@ -11899,8 +11816,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -11912,7 +11829,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -12031,7 +11947,6 @@
 "Description": "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.openldap.org/its/?findid=8655\n ",
 "http://www.debian.org/security/2017/dsa-3868",
 "http://www.openldap.org/its/?findid=8655",
 "http://www.securityfocus.com/bid/98736",
@@ -12476,7 +12391,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -12529,6 +12443,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -12589,7 +12504,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -12612,6 +12526,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -12671,7 +12586,6 @@
 "Description": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.openssl.org/news/secadv/20170828.txt\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
@@ -12708,7 +12622,6 @@
 "Description": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.openssl.org/news/secadv/20180612.txt\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/104442",
 "http://www.securitytracker.com/id/1041090",
@@ -12803,7 +12716,7 @@
 "Description": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.openssl.org/news/secadv/20180416.txt\nhttp://www.openwall.com/lists/oss-security/2018/04/16/3\n ",
+ "http://www.openwall.com/lists/oss-security/2018/04/16/3",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/103766",
 "http://www.securitytracker.com/id/1040685",
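Review bot: The removed concatenated entry in the hunk at -12803 carried two URLs, https://www.openssl.org/news/secadv/20180416.txt and the openwall post, but only the openwall URL is re-added in this 7-to-7 hunk, and no hunk before -12845 adds the OpenSSL advisory at its sorted position. If the list did not already hold that URL as a separate entry — as it does in the openldap case at -12031, where the same URL survives as context — the advisory link has been dropped by the normalization. The same question applies to the OpenSSL secadv removals at -12671, -12708, -12845 and -12887, whose sorted position would fall past the visible context. Worth confirming against the whole fixture, or the de-duplication step that produced it, rather than the diff alone.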
@@ -12845,7 +12758,6 @@
 "Description": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.openssl.org/news/secadv/20180327.txt\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
@@ -12887,7 +12799,6 @@
 "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.openssl.org/news/secadv/20190226.txt\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html",
@@ -12896,6 +12807,7 @@
 "http://www.securityfocus.com/bid/107174",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559",
 "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
+ "https://github.com/RUB-NDS/TLS-Padding-Oracles",
 "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
 "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html",
 "https://security.gentoo.org/glsa/201903-10",
@@ -12920,7 +12832,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -12952,7 +12863,6 @@
 "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",
 "Severity": "LOW",
 "References": [
- "\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt\n ",
 "http://www.securityfocus.com/bid/105897",
 "https://access.redhat.com/errata/RHSA-2019:0483",
 "https://access.redhat.com/errata/RHSA-2019:0651",
@@ -12968,6 +12878,7 @@
 "https://www.debian.org/security/2018/dsa-4348",
 "https://www.debian.org/security/2018/dsa-4355",
 "https://www.exploit-db.com/exploits/45785/",
+ "https://www.openssl.org/news/secadv/20181112.txt",
 "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
 "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
@@ -13164,7 +13075,6 @@
 "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
@@ -13181,7 +13091,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -13197,7 +13106,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -13232,7 +13140,6 @@
 "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
@@ -13250,7 +13157,6 @@
 "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://access.redhat.com/errata/RHSA-2019:2189",
@@ -13274,7 +13180,6 @@
 "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123",
@@ -13297,7 +13202,6 @@
 "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125",
@@ -13344,7 +13248,7 @@
 "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
 "Severity": "HIGH",
 "References": [
- "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ",
+ "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html",
 "http://www.securitytracker.com/id/1039890",
 "https://bugs.python.org/issue30657",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158",
@@ -13500,7 +13404,6 @@ "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final\n ", "http://www.securitytracker.com/id/1042001", "https://access.redhat.com/errata/RHBA-2019:0327", "https://access.redhat.com/errata/RHSA-2018:3041", @@ -13510,6 +13413,7 @@ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", @@ -13532,7 +13436,6 @@ "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final\n ", "http://www.securitytracker.com/id/1042001", "https://access.redhat.com/errata/RHBA-2019:0327", "https://access.redhat.com/errata/RHSA-2018:3041", 
@@ -13542,6 +13445,7 @@ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", @@ -13564,7 +13468,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", 
@@ -13590,7 +13493,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -13710,7 +13612,7 @@ "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", "Severity": "HIGH", "References": [ - "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ", + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", "http://www.securitytracker.com/id/1039890", "https://bugs.python.org/issue30657", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", 
@@ -13866,7 +13768,6 @@ "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final\n ", "http://www.securitytracker.com/id/1042001", "https://access.redhat.com/errata/RHBA-2019:0327", "https://access.redhat.com/errata/RHSA-2018:3041", @@ -13876,6 +13777,7 @@ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", @@ -13898,7 +13800,6 @@ "Description": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final\n ", "http://www.securitytracker.com/id/1042001", "https://access.redhat.com/errata/RHBA-2019:0327", "https://access.redhat.com/errata/RHSA-2018:3041", 
@@ -13908,6 +13809,7 @@ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final", "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1", "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html", "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html", @@ -13930,7 +13832,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", 
@@ -13956,7 +13857,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -14218,7 +14118,6 @@ "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt\n ", "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", "http://www.openwall.com/lists/oss-security/2016/07/01/1", "http://www.openwall.com/lists/oss-security/2016/07/01/2", 
@@ -14268,10 +14167,10 @@ "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "Severity": "MEDIUM", "References": [ - "\nhttps://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html\n ", "http://www.securityfocus.com/bid/98767", "http://www.securityfocus.com/bid/99950", "https://access.redhat.com/errata/RHSA-2017:1833", + "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", "https://security.gentoo.org/glsa/201709-15", "https://support.apple.com/HT207797", @@ -14288,7 +14187,6 @@ "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", "Severity": "MEDIUM", "References": [ - "\nhttps://sintonen.fi/advisories/tar-extract-pathname-bypass.txt\n ", "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", @@ -14299,7 +14197,8 @@ "http://www.ubuntu.com/usn/USN-3132-1", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt" ] }, { 
diff --git a/integration/testdata/centos-7-critical.json.golden b/integration/testdata/centos-7-critical.json.golden index 197aaef29b..8b3bec2bcf 100644 --- a/integration/testdata/centos-7-critical.json.golden +++ b/integration/testdata/centos-7-critical.json.golden @@ -11,7 +11,6 @@ "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "Severity": "CRITICAL", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ", "http://www.securitytracker.com/id/1041605", "https://access.redhat.com/errata/RHSA-2018:3558", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", 
@@ -34,7 +33,6 @@ "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "Severity": "CRITICAL", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ", "http://www.securitytracker.com/id/1041605", "https://access.redhat.com/errata/RHSA-2018:3558", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", @@ -57,7 +55,6 @@ "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "CRITICAL", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3855.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", diff --git a/integration/testdata/centos-7-ignore-unfixed.json.golden b/integration/testdata/centos-7-ignore-unfixed.json.golden index c470db346d..65cc610378 100644 --- a/integration/testdata/centos-7-ignore-unfixed.json.golden 
+++ b/integration/testdata/centos-7-ignore-unfixed.json.golden @@ -11,8 +11,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.", "Severity": "HIGH", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5743\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743" ] }, { 
@@ -24,7 +24,6 @@ "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5741\n ", "http://www.securityfocus.com/bid/105379", "http://www.securitytracker.com/id/1041674", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", 
@@ -90,7 +89,6 @@ "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "Severity": "CRITICAL", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ", "http://www.securitytracker.com/id/1041605", "https://access.redhat.com/errata/RHSA-2018:3558", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", @@ -113,7 +111,6 @@ "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ", "http://www.securitytracker.com/id/1042014", "https://access.redhat.com/errata/RHSA-2019:2181", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", 
@@ -647,7 +644,6 @@ "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "Severity": "CRITICAL", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ", "http://www.securitytracker.com/id/1041605", "https://access.redhat.com/errata/RHSA-2018:3558", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", @@ -670,7 +666,6 @@ "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ", "http://www.securitytracker.com/id/1042014", "https://access.redhat.com/errata/RHSA-2019:2181", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", 
@@ -693,7 +688,6 @@ "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "CRITICAL", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3855.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", @@ -723,7 +717,6 @@ "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3856.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", @@ -747,7 +740,6 @@ "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3857.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", 
@@ -771,7 +763,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3858.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", @@ -799,7 +790,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3861.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861", @@ -821,7 +811,6 @@ "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3862.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html", 
@@ -849,7 +838,6 @@ "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.libssh2.org/CVE-2019-3863.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:0679", @@ -888,7 +876,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", 
@@ -935,7 +922,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", @@ -982,7 +968,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", 
@@ -1043,7 +1028,6 @@ "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "Severity": "MEDIUM", "References": [ - "\nhttps://www.openssl.org/news/secadv/20190226.txt\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", @@ -1052,6 +1036,7 @@ "http://www.securityfocus.com/bid/107174", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", "https://security.gentoo.org/glsa/201903-10", 
@@ -1076,7 +1061,6 @@ "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "Severity": "LOW", "References": [ - "\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt\n ", "http://www.securityfocus.com/bid/105897", "https://access.redhat.com/errata/RHSA-2019:0483", "https://access.redhat.com/errata/RHSA-2019:0651", @@ -1092,6 +1076,7 @@ "https://www.debian.org/security/2018/dsa-4348", "https://www.debian.org/security/2018/dsa-4355", "https://www.exploit-db.com/exploits/45785/", + "https://www.openssl.org/news/secadv/20181112.txt", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", @@ -1108,7 +1093,6 @@ "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ", "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://access.redhat.com/errata/RHSA-2019:2189", 
@@ -1132,8 +1116,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { @@ -1145,7 +1129,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", 
@@ -1171,7 +1154,6 @@ "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html\n ", "https://access.redhat.com/errata/RHSA-2019:1587", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", 
@@ -1192,7 +1174,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -1286,8 +1267,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { 
@@ -1299,7 +1280,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", @@ -1325,7 +1305,6 @@ "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html\n ", "https://access.redhat.com/errata/RHSA-2019:1587", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", 
@@ -1346,7 +1325,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -1459,7 +1437,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", 
@@ -1518,7 +1495,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", diff --git a/integration/testdata/centos-7-low-high.json.golden b/integration/testdata/centos-7-low-high.json.golden index 2a8391d7ab..1fb91de4e4 100644 --- a/integration/testdata/centos-7-low-high.json.golden +++ b/integration/testdata/centos-7-low-high.json.golden @@ -11,8 +11,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.", "Severity": "HIGH", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5743\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743" ] }, { 
@@ -66,7 +66,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", @@ -98,7 +97,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", 
@@ -130,7 +128,6 @@ "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.", "Severity": "LOW", "References": [ - "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ", "http://www.securitytracker.com/id/1041144", "http://www.securitytracker.com/id/1041147", "https://access.redhat.com/errata/RHSA-2018:3221", @@ -162,7 +159,6 @@ "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "Severity": "LOW", "References": [ - "\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt\n ", "http://www.securityfocus.com/bid/105897", "https://access.redhat.com/errata/RHSA-2019:0483", "https://access.redhat.com/errata/RHSA-2019:0651", @@ -178,6 +174,7 @@ "https://www.debian.org/security/2018/dsa-4348", "https://www.debian.org/security/2018/dsa-4355", "https://www.exploit-db.com/exploits/45785/", + "https://www.openssl.org/news/secadv/20181112.txt", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", 
@@ -194,8 +191,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { @@ -207,8 +204,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { 
@@ -220,7 +217,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", @@ -260,7 +256,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", diff --git a/integration/testdata/centos-7.json.golden b/integration/testdata/centos-7.json.golden index 70e1786ef4..b924568794 100644 --- a/integration/testdata/centos-7.json.golden +++ b/integration/testdata/centos-7.json.golden 
@@ -301,8 +301,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.", "Severity": "HIGH", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5743\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743", + "https://kb.isc.org/docs/cve-2018-5743" ] }, { 
@@ -337,7 +337,6 @@ "Description": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5741\n ", "http://www.securityfocus.com/bid/105379", "http://www.securitytracker.com/id/1041674", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741", @@ -355,8 +354,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nAn assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.", "Severity": "MEDIUM", "References": [ - "\nhttps://kb.isc.org/docs/cve-2018-5745\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745", + "https://kb.isc.org/docs/cve-2018-5745" ] }, { 
@@ -378,8 +377,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nIt was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL.", "Severity": "LOW", "References": [ - "\nhttps://kb.isc.org/docs/cve-2019-6465\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465", + "https://kb.isc.org/docs/cve-2019-6465" ] }, { @@ -489,7 +488,6 @@ "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90103", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", @@ -506,7 +504,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", 
@@ -522,7 +519,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", @@ -538,7 +534,6 @@ "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90017", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", @@ -554,7 +549,6 @@ "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90019", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", 
@@ -570,7 +564,6 @@ "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90016", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", @@ -587,7 +580,6 @@ "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", @@ -604,7 +596,6 @@ "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", 
@@ -2655,7 +2646,6 @@ "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "Severity": "CRITICAL", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ", "http://www.securitytracker.com/id/1041605", "https://access.redhat.com/errata/RHSA-2018:3558", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618", @@ -2678,7 +2668,6 @@ "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94098", "http://www.securitytracker.com/id/1037192", @@ -2700,7 +2689,6 @@ "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94100", "http://www.securitytracker.com/id/1037192", 
@@ -2723,7 +2711,6 @@ "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102H.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94105", "http://www.securitytracker.com/id/1037192", @@ -2745,7 +2732,6 @@ "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\n ", "http://security.cucumberlinux.com/security/details.php?id=162", "http://www.securityfocus.com/bid/102057", "http://www.securitytracker.com/id/1039897", @@ -2766,7 +2752,6 @@ "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2019-5482.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", "https://curl.haxx.se/docs/CVE-2019-5482.html", 
@@ -2784,7 +2769,6 @@ "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", "Severity": "MEDIUM", "References": [ - "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ", "http://curl.haxx.se/docs/adv_20150429.html", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", @@ -2841,7 +2825,6 @@ "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94096", "http://www.securitytracker.com/id/1037192", @@ -2864,7 +2847,6 @@ "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94094", "http://www.securitytracker.com/id/1037192", 
@@ -2887,7 +2869,6 @@ "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94097", "http://www.securitytracker.com/id/1037192", @@ -2910,7 +2891,6 @@ "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94101", "http://www.securitytracker.com/id/1037192", @@ -2933,7 +2913,6 @@ "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94106", "http://www.securitytracker.com/id/1037192", 
@@ -2956,7 +2935,6 @@ "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94103", "http://www.securitytracker.com/id/1037192", @@ -2978,7 +2956,6 @@ "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ", "http://www.securityfocus.com/bid/94107", "http://www.securitytracker.com/id/1037192", "https://access.redhat.com/errata/RHSA-2018:2486", @@ -3000,7 +2977,6 @@ "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/95019", "http://www.securitytracker.com/id/1037515", 
@@ -3022,7 +2998,6 @@ "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/100286", "http://www.securitytracker.com/id/1039118", 
@@ -3042,7 +3017,6 @@ "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/101115", "http://www.securitytracker.com/id/1039509", 
@@ -3064,7 +3038,6 @@ "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ", "http://www.securitytracker.com/id/1042014", "https://access.redhat.com/errata/RHSA-2019:2181", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842", @@ -3104,9 +3077,9 @@ "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", "Severity": "LOW", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", "https://security.gentoo.org/glsa/201709-14" 
@@ -3121,7 +3094,6 @@
 "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",
 "Severity": "LOW",
 "References": [
- "\nhttp://git.savannah.gnu.org/cgit/wget.git/tree/NEWS\n ",
 "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS",
 "http://www.securityfocus.com/bid/106358",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483",
@@ -3337,7 +3309,6 @@
 "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2\n ",
 "http://www.openwall.com/lists/oss-security/2019/06/11/2",
 "http://www.securityfocus.com/bid/108751",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749",
@@ -3556,7 +3527,6 @@
 "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2\n ",
 "http://www.openwall.com/lists/oss-security/2019/06/11/2",
 "http://www.securityfocus.com/bid/108751",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749",
@@ -3578,13 +3548,13 @@
 "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://access.redhat.com/articles/2786581\nhttp://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html\n ",
 "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html",
 "http://www.openwall.com/lists/oss-security/2016/11/14/13",
 "http://www.openwall.com/lists/oss-security/2016/11/15/1",
 "http://www.openwall.com/lists/oss-security/2016/11/15/4",
 "http://www.openwall.com/lists/oss-security/2016/11/16/6",
 "http://www.securityfocus.com/bid/94315",
+ "https://access.redhat.com/articles/2786581",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484",
 "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb"
 ]
@@ -4534,7 +4504,6 @@
 "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.",
 "Severity": "HIGH",
 "References": [
- "\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-54.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html",
@@ -4588,13 +4557,13 @@
 "Description": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063\n ",
 "http://www.securityfocus.com/bid/94337",
 "http://www.securitytracker.com/id/1037298",
 "http://www.securitytracker.com/id/1039427",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063",
 "https://www.debian.org/security/2017/dsa-3898",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/"
 ]
 },
@@ -4672,7 +4641,6 @@
 "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://libexpat.github.io/doc/cve-2017-9233/\n ",
 "http://www.debian.org/security/2017/dsa-3898",
 "http://www.openwall.com/lists/oss-security/2017/06/17/7",
 "http://www.securityfocus.com/bid/99276",
@@ -5100,7 +5068,6 @@
 "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
@@ -5117,7 +5084,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -5133,7 +5099,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -5220,7 +5185,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -5469,7 +5433,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -5756,7 +5719,7 @@
 "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ",
+ "https://access.redhat.com/articles/4264021",
 "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
 "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
 "https://twitter.com/lambdafu/status/1147162583969009664"
@@ -5817,7 +5780,6 @@
 "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77\n ",
 "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77",
 "http://seclists.org/oss-sec/2014/q3/266",
 "http://www.debian.org/security/2014/dsa-3005",
@@ -6060,7 +6022,6 @@
 "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.ocert.org/advisories/ocert-2015-002.html\n ",
 "http://advisories.mageia.org/MGASA-2015-0061.html",
 "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4",
 "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html",
@@ -6115,7 +6076,6 @@
 "Description": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
 "Severity": "CRITICAL",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2018-14618.html\n ",
 "http://www.securitytracker.com/id/1041605",
 "https://access.redhat.com/errata/RHSA-2018:3558",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618",
@@ -6138,7 +6098,6 @@
 "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94098",
 "http://www.securitytracker.com/id/1037192",
@@ -6160,7 +6119,6 @@
 "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94100",
 "http://www.securitytracker.com/id/1037192",
@@ -6183,7 +6141,6 @@
 "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102H.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94105",
 "http://www.securitytracker.com/id/1037192",
@@ -6205,7 +6162,6 @@
 "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\n ",
 "http://security.cucumberlinux.com/security/details.php?id=162",
 "http://www.securityfocus.com/bid/102057",
 "http://www.securitytracker.com/id/1039897",
@@ -6226,7 +6182,6 @@
 "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2019-5482.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
 "https://curl.haxx.se/docs/CVE-2019-5482.html",
@@ -6244,7 +6199,6 @@
 "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ",
 "http://curl.haxx.se/docs/adv_20150429.html",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
 "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
@@ -6301,7 +6255,6 @@
 "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94096",
 "http://www.securitytracker.com/id/1037192",
@@ -6324,7 +6277,6 @@
 "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94094",
 "http://www.securitytracker.com/id/1037192",
@@ -6347,7 +6299,6 @@
 "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94097",
 "http://www.securitytracker.com/id/1037192",
@@ -6370,7 +6321,6 @@
 "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94101",
 "http://www.securitytracker.com/id/1037192",
@@ -6393,7 +6343,6 @@
 "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94106",
 "http://www.securitytracker.com/id/1037192",
@@ -6416,7 +6365,6 @@
 "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94103",
 "http://www.securitytracker.com/id/1037192",
@@ -6438,7 +6386,6 @@
 "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ",
 "http://www.securityfocus.com/bid/94107",
 "http://www.securitytracker.com/id/1037192",
 "https://access.redhat.com/errata/RHSA-2018:2486",
@@ -6460,7 +6407,6 @@
 "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/95019",
 "http://www.securitytracker.com/id/1037515",
@@ -6482,7 +6428,6 @@
 "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/100286",
 "http://www.securitytracker.com/id/1039118",
@@ -6502,7 +6447,6 @@
 "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/101115",
 "http://www.securitytracker.com/id/1039509",
@@ -6524,7 +6468,6 @@
 "Description": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2018-16842.html\n ",
 "http://www.securitytracker.com/id/1042014",
 "https://access.redhat.com/errata/RHSA-2019:2181",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
@@ -6564,9 +6507,9 @@
 "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
 "Severity": "LOW",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "https://access.redhat.com/errata/RHSA-2018:3558",
+ "https://curl.haxx.se/docs/adv_20170403.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407",
 "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13",
 "https://security.gentoo.org/glsa/201709-14"
@@ -6581,7 +6524,6 @@
 "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",
 "Severity": "LOW",
 "References": [
- "\nhttp://git.savannah.gnu.org/cgit/wget.git/tree/NEWS\n ",
 "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS",
 "http://www.securityfocus.com/bid/106358",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483",
@@ -6647,7 +6589,6 @@
 "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ",
 "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
 "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
 "http://www.securitytracker.com/id/1034375",
@@ -6664,7 +6605,6 @@
 "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90103",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
@@ -6681,7 +6621,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
@@ -6697,7 +6636,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
@@ -6713,7 +6651,6 @@
 "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90017",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
@@ -6729,7 +6666,6 @@
 "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90019",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
@@ -6745,7 +6681,6 @@
 "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90016",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
@@ -6762,7 +6697,6 @@
 "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
@@ -6779,7 +6713,6 @@
 "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
@@ -6855,7 +6788,6 @@
 "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html\nhttps://eprint.iacr.org/2017/627\n ",
 "http://www.securityfocus.com/bid/99338",
 "http://www.securitytracker.com/id/1038915",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526",
@@ -6880,11 +6812,11 @@
 "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html",
 "https://dev.gnupg.org/T4541",
 "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
- "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"
+ "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
+ "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html"
 ]
 },
 {
@@ -7162,7 +7094,6 @@
 "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
 "Severity": "CRITICAL",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3855.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
@@ -7192,7 +7123,6 @@
 "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blog.semmle.com/libssh2-integer-overflow/\n ",
 "https://blog.semmle.com/libssh2-integer-overflow/",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115",
 "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa",
@@ -7210,7 +7140,6 @@
 "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3856.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://access.redhat.com/errata/RHSA-2019:0679",
@@ -7234,7 +7163,6 @@
 "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3857.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://access.redhat.com/errata/RHSA-2019:0679",
@@ -7258,7 +7186,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3858.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
@@ -7286,7 +7213,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3859.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html",
@@ -7318,7 +7244,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3860.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
@@ -7340,7 +7265,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3861.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
@@ -7362,7 +7286,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3862.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
@@ -7390,7 +7313,6 @@
 "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3863.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://access.redhat.com/errata/RHSA-2019:0679",
@@ -7431,7 +7353,6 @@
 "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ",
 "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
 "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
 "http://www.securitytracker.com/id/1034375",
@@ -7448,7 +7369,6 @@
 "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90103",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
@@ -7465,7 +7385,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
@@ -7481,7 +7400,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
@@ -7497,7 +7415,6 @@
 "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90017",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
@@ -7513,7 +7430,6 @@
 "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90019",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
@@ -7529,7 +7445,6 @@
 "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90016",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
@@ -7546,7 +7461,6 @@
 "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
@@ -7563,7 +7477,6 @@
 "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
@@ -7910,7 +7823,6 @@
 "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n ",
 "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
@@ -7930,6 +7842,7 @@
 "https://codereview.chromium.org/2127493002",
 "https://crbug.com/623378",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
+ "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "https://security.gentoo.org/glsa/201610-09",
 "https://security.gentoo.org/glsa/201701-37",
 "https://source.android.com/security/bulletin/2017-05-01",
@@ -7982,7 +7895,6 @@
 "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html\n ",
 "http://www.securitytracker.com/id/1040348",
 "https://access.redhat.com/errata/RHSA-2017:3401",
 "https://access.redhat.com/errata/RHSA-2018:0287",
@@ -8327,7 +8239,6 @@
 "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n ",
 "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
@@ -8347,6 +8258,7 @@
 "https://codereview.chromium.org/2127493002",
 "https://crbug.com/623378",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
+ "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "https://security.gentoo.org/glsa/201610-09",
 "https://security.gentoo.org/glsa/201701-37",
 "https://source.android.com/security/bulletin/2017-05-01",
@@ -8399,7 +8311,6 @@
 "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html\n ",
 "http://www.securitytracker.com/id/1040348",
 "https://access.redhat.com/errata/RHSA-2017:3401",
 "https://access.redhat.com/errata/RHSA-2018:0287",
@@ -9270,12 +9181,12 @@
 "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw\n ",
 "http://www.securityfocus.com/bid/92385",
 "http://www.securitytracker.com/id/1036590",
 "http://www.ubuntu.com/usn/USN-3023-1",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951",
+ "https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw",
 "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ",
 "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2"
 ]
@@ -9536,7 +9447,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -9589,6 +9499,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -9649,7 +9560,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -9672,6 +9582,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -9731,7 +9642,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -9739,6 +9649,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -9782,8 +9693,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -9795,7 +9706,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -9827,7 +9737,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -9840,6 +9749,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -9894,10 +9804,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -9910,7 +9820,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -9923,6 +9832,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -9977,10 +9887,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -10240,7 +10150,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -10293,6 +10202,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -10353,7 +10263,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -10376,6 +10285,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -10435,7 +10345,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -10443,6 +10352,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -10486,8 +10396,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -10499,7 +10409,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -10778,7 +10687,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -10831,6 +10739,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -10891,7 +10800,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -10914,6 +10822,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -10973,7 +10882,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -10981,6 +10889,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -11024,8 +10933,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -11037,7 +10946,6 @@
 "Description": "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.",
 "Severity": "LOW",
 "References": [
- "\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/\n ",
 "http://www.securitytracker.com/id/1041144",
 "http://www.securitytracker.com/id/1041147",
 "https://access.redhat.com/errata/RHSA-2018:3221",
@@ -11091,11 +10999,12 @@
 "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.openldap.org/lists/openldap-announce/201907/msg00001.html\nhttps://openldap.org/its/?findid=9052\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
+ "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565",
 "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html",
+ "https://openldap.org/its/?findid=9052",
 "https://usn.ubuntu.com/4078-1/",
 "https://usn.ubuntu.com/4078-2/",
 "https://www.openldap.org/its/index.cgi/?findid=9052",
@@ -11135,9 +11044,10 @@ "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)", "Severity": "LOW", "References": [ - "\nhttp://www.openldap.org/lists/openldap-announce/201907/msg00001.html\nhttps://openldap.org/its/?findid=9038\n ", + "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057", "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", + "https://openldap.org/its/?findid=9038", "https://security.netapp.com/advisory/ntap-20190822-0004/", "https://usn.ubuntu.com/4078-1/", "https://usn.ubuntu.com/4078-2/", @@ -11401,7 +11311,6 @@ "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.", "Severity": "MEDIUM", "References": [ - "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ", "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727", 
@@ -11454,6 +11363,7 @@ "http://www.debian.org/security/2015/dsa-3316", "http://www.debian.org/security/2015/dsa-3339", "http://www.huawei.com/en/psirt/security-advisories/hw-454055", + "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf", "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", @@ -11514,7 +11424,6 @@ "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.", "Severity": "MEDIUM", "References": [ - "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759", "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2017-0336.html", @@ -11537,6 +11446,7 @@ "http://www.splunk.com/view/SP-CAAAPSV", "http://www.splunk.com/view/SP-CAAAPUE", "https://access.redhat.com/articles/2548661", + "https://access.redhat.com/errata/RHSA-2016:1940", "https://access.redhat.com/errata/RHSA-2017:1216", "https://access.redhat.com/errata/RHSA-2017:2708", "https://access.redhat.com/errata/RHSA-2017:2709", 
@@ -11650,7 +11560,6 @@ "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "Severity": "MEDIUM", "References": [ - "\nhttps://www.openssl.org/news/secadv/20190226.txt\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", @@ -11659,6 +11568,7 @@ "http://www.securityfocus.com/bid/107174", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", + "https://github.com/RUB-NDS/TLS-Padding-Oracles", "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", "https://security.gentoo.org/glsa/201903-10", 
@@ -11702,7 +11612,6 @@ "Description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "Severity": "LOW", "References": [ - "\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt\n ", "http://www.securityfocus.com/bid/105897", "https://access.redhat.com/errata/RHSA-2019:0483", "https://access.redhat.com/errata/RHSA-2019:0651", @@ -11718,6 +11627,7 @@ "https://www.debian.org/security/2018/dsa-4348", "https://www.debian.org/security/2018/dsa-4355", "https://www.exploit-db.com/exploits/45785/", + "https://www.openssl.org/news/secadv/20181112.txt", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", @@ -11924,7 +11834,6 @@ "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", 
@@ -11941,7 +11850,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", @@ -11957,7 +11865,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", 
@@ -11992,7 +11899,6 @@ "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ", "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121", @@ -12010,7 +11916,6 @@ "Description": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ", "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://access.redhat.com/errata/RHSA-2019:2189", 
@@ -12034,7 +11939,6 @@ "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).", "Severity": "MEDIUM", "References": [ - "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ", "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123", @@ -12057,7 +11961,6 @@ "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ", "http://seclists.org/oss-sec/2018/q2/122", "http://www.securityfocus.com/bid/104214", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125", @@ -12078,7 +11981,7 @@ "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", "Severity": "HIGH", "References": [ - "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ", + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", "http://www.securitytracker.com/id/1039890", "https://bugs.python.org/issue30657", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", 
@@ -12099,8 +12002,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { @@ -12192,7 +12095,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", 
@@ -12235,7 +12137,6 @@ "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html\n ", "https://access.redhat.com/errata/RHSA-2019:1587", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", 
@@ -12276,7 +12177,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -12370,7 +12270,7 @@ "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)", "Severity": "HIGH", "References": [ - "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ", + "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html", "http://www.securitytracker.com/id/1039890", "https://bugs.python.org/issue30657", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", 
@@ -12391,8 +12291,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { @@ -12484,7 +12384,6 @@ "Description": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.", "Severity": "MEDIUM", "References": [ - "\nhttps://bugs.python.org/issue34623\n ", "http://www.securityfocus.com/bid/105396", "http://www.securitytracker.com/id/1041740", "https://access.redhat.com/errata/RHSA-2019:1260", 
@@ -12527,7 +12426,6 @@ "Description": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html\n ", "https://access.redhat.com/errata/RHSA-2019:1587", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160", "https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09", 
@@ -12568,7 +12466,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -12805,7 +12702,6 @@ "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.", "Severity": "HIGH", "References": [ - "\nhttp://zerodayinitiative.com/advisories/ZDI-15-570/\n ", "http://support.apple.com/kb/HT204941", "http://support.apple.com/kb/HT204942", "http://zerodayinitiative.com/advisories/ZDI-15-570/", 
@@ -12866,7 +12762,6 @@ "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.", "Severity": "MEDIUM", "References": [ - "\nhttps://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt\n ", "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html", "http://www.openwall.com/lists/oss-security/2016/07/01/1", "http://www.openwall.com/lists/oss-security/2016/07/01/2", @@ -12916,10 +12811,10 @@ "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "Severity": "MEDIUM", "References": [ - "\nhttps://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html\n ", "http://www.securityfocus.com/bid/98767", "http://www.securityfocus.com/bid/99950", "https://access.redhat.com/errata/RHSA-2017:1833", + "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000", "https://security.gentoo.org/glsa/201709-15", "https://support.apple.com/HT207797", 
@@ -12955,7 +12850,6 @@ "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "Severity": "MEDIUM", "References": [ - "\nhttps://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", "https://crbug.com/952406", @@ -13075,7 +12969,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", @@ -13217,7 +13110,6 @@ "Description": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.", "Severity": "LOW", "References": [ - "\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt\n ", "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html", "http://seclists.org/fulldisclosure/2019/May/21", "http://www.openwall.com/lists/oss-security/2019/05/10/4", 
@@ -13257,7 +13149,6 @@ "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.", "Severity": "MEDIUM", "References": [ - "\nhttps://sintonen.fi/advisories/tar-extract-pathname-bypass.txt\n ", "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html", "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", @@ -13268,7 +13159,8 @@ "http://www.ubuntu.com/usn/USN-3132-1", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321", "https://security.gentoo.org/glsa/201611-19", - "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", + "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt" ] }, { diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index c1be1a7a07..0d6681925d 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden 
@@ -481,11 +481,11 @@ "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", "Severity": "MEDIUM", "References": [ - "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", "https://dev.gnupg.org/T4541", "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762" + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" ] }, { @@ -626,7 +626,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", 
@@ -642,7 +641,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 61bea0e30b..8f576a4c29 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -1069,11 +1069,11 @@ "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", "Severity": "MEDIUM", "References": [ - "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", "https://dev.gnupg.org/T4541", "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762" + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" ] }, { 
@@ -1158,7 +1158,6 @@ "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Severity": "LOW", "References": [ - "\nhttp://cat.eyalro.net/\n ", "http://cat.eyalro.net/", "http://www.securityfocus.com/bid/106092", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", @@ -1187,7 +1186,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", @@ -1203,7 +1201,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", 
diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index 3412b9e547..81c155b499 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden @@ -765,8 +765,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { 
@@ -864,7 +864,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", @@ -1004,7 +1003,6 @@ "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.", "Severity": "MEDIUM", "References": [ - "\nhttps://access.redhat.com/articles/3758321\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://blade.tencent.com/magellan/index_en.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", "http://www.securityfocus.com/bid/106323", 
@@ -1040,7 +1038,6 @@ "Description": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).", "Severity": "MEDIUM", "References": [ - "\nhttps://access.redhat.com/articles/3758321\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://blade.tencent.com/magellan/index_en.html\n ", "http://seclists.org/fulldisclosure/2019/Jan/62", "http://seclists.org/fulldisclosure/2019/Jan/64", "http://seclists.org/fulldisclosure/2019/Jan/66", @@ -1048,6 +1045,9 @@ "http://seclists.org/fulldisclosure/2019/Jan/68", "http://seclists.org/fulldisclosure/2019/Jan/69", "http://www.securityfocus.com/bid/106698", + "https://access.redhat.com/articles/3758321", + "https://blade.tencent.com/magellan/index_en.html", + "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505", "https://seclists.org/bugtraq/2019/Jan/28", "https://seclists.org/bugtraq/2019/Jan/29", 
@@ -1075,7 +1075,6 @@ "Description": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.", "Severity": "MEDIUM", "References": [ - "\nhttps://access.redhat.com/articles/3758321\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://blade.tencent.com/magellan/index_en.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html", "http://seclists.org/fulldisclosure/2019/Jan/62", "http://seclists.org/fulldisclosure/2019/Jan/64", @@ -1084,6 +1083,9 @@ "http://seclists.org/fulldisclosure/2019/Jan/68", "http://seclists.org/fulldisclosure/2019/Jan/69", "http://www.securityfocus.com/bid/106698", + "https://access.redhat.com/articles/3758321", + "https://blade.tencent.com/magellan/index_en.html", + "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20506", "https://seclists.org/bugtraq/2019/Jan/28", "https://seclists.org/bugtraq/2019/Jan/29", @@ -1146,7 +1148,6 @@ "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "Severity": "MEDIUM", "References": [ - "\nhttps://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html", "https://crbug.com/952406", 
@@ -1362,8 +1363,8 @@ "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.\n \nA null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.", "Severity": "HIGH", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html\n ", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010" + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", + "https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html" ] }, { @@ -1461,7 +1462,6 @@ "Description": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.", "Severity": "MEDIUM", "References": [ - "\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html", "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html", 
diff --git a/integration/testdata/fixtures/amazon-1.tar.gz b/integration/testdata/fixtures/amazon-1.tar.gz new file mode 100644 index 0000000000..78c6acfce7 Binary files /dev/null and b/integration/testdata/fixtures/amazon-1.tar.gz differ diff --git a/integration/testdata/fixtures/amazon-2.tar.gz b/integration/testdata/fixtures/amazon-2.tar.gz new file mode 100644 index 0000000000..f27379f9e6 Binary files /dev/null and b/integration/testdata/fixtures/amazon-2.tar.gz differ diff --git a/integration/testdata/trivy.db.gz b/integration/testdata/trivy.db.gz index 7b36efe533..b6dc9515d5 100644 Binary files a/integration/testdata/trivy.db.gz and b/integration/testdata/trivy.db.gz differ diff --git a/integration/testdata/ubi-7.json.golden b/integration/testdata/ubi-7.json.golden index d6eeca9d42..a1163df188 100644 --- a/integration/testdata/ubi-7.json.golden +++ b/integration/testdata/ubi-7.json.golden @@ -399,7 +399,6 @@ "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90103", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", @@ -416,7 +415,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", 
@@ -432,7 +430,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", @@ -448,7 +445,6 @@ "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90017", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", @@ -464,7 +460,6 @@ "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90019", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", 
@@ -480,7 +475,6 @@ "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90016", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", @@ -497,7 +491,6 @@ "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", @@ -514,7 +507,6 @@ "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", 
@@ -2517,7 +2509,6 @@ "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94098", "http://www.securitytracker.com/id/1037192", @@ -2539,7 +2530,6 @@ "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94100", "http://www.securitytracker.com/id/1037192", @@ -2562,7 +2552,6 @@ "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102H.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94105", "http://www.securitytracker.com/id/1037192", 
@@ -2584,7 +2573,6 @@ "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\n ", "http://security.cucumberlinux.com/security/details.php?id=162", "http://www.securityfocus.com/bid/102057", "http://www.securitytracker.com/id/1039897", @@ -2605,7 +2593,6 @@ "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", "Severity": "HIGH", "References": [ - "\nhttps://curl.haxx.se/docs/CVE-2019-5482.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", "https://curl.haxx.se/docs/CVE-2019-5482.html", @@ -2623,7 +2610,6 @@ "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", "Severity": "MEDIUM", "References": [ - "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ", "http://curl.haxx.se/docs/adv_20150429.html", "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", 
@@ -2680,7 +2666,6 @@ "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94096", "http://www.securitytracker.com/id/1037192", @@ -2703,7 +2688,6 @@ "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94094", "http://www.securitytracker.com/id/1037192", @@ -2726,7 +2710,6 @@ "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94097", "http://www.securitytracker.com/id/1037192", 
@@ -2749,7 +2732,6 @@ "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94101", "http://www.securitytracker.com/id/1037192", @@ -2772,7 +2754,6 @@ "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94106", "http://www.securitytracker.com/id/1037192", @@ -2795,7 +2776,6 @@ "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/94103", "http://www.securitytracker.com/id/1037192", 
@@ -2817,7 +2797,6 @@ "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ", "http://www.securityfocus.com/bid/94107", "http://www.securitytracker.com/id/1037192", "https://access.redhat.com/errata/RHSA-2018:2486", @@ -2839,7 +2818,6 @@ "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "http://www.securityfocus.com/bid/95019", "http://www.securitytracker.com/id/1037515", 
@@ -2861,7 +2839,6 @@ "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/100286", "http://www.securitytracker.com/id/1039118", 
@@ -2881,7 +2858,6 @@ "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.", "Severity": "MEDIUM", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ", "http://www.debian.org/security/2017/dsa-3992", "http://www.securityfocus.com/bid/101115", "http://www.securitytracker.com/id/1039509", 
@@ -2920,9 +2896,9 @@ "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.", "Severity": "LOW", "References": [ - "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ", "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "https://access.redhat.com/errata/RHSA-2018:3558", + "https://curl.haxx.se/docs/adv_20170403.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407", "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13", "https://security.gentoo.org/glsa/201709-14" @@ -2937,7 +2913,6 @@ "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.", "Severity": "LOW", "References": [ - "\nhttp://git.savannah.gnu.org/cgit/wget.git/tree/NEWS\n ", "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS", "http://www.securityfocus.com/bid/106358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483", 
@@ -3153,7 +3128,6 @@ "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", "Severity": "LOW", "References": [ - "\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2\n ", "http://www.openwall.com/lists/oss-security/2019/06/11/2", "http://www.securityfocus.com/bid/108751", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", 
@@ -3372,7 +3346,6 @@ "Description": "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.", "Severity": "LOW", "References": [ - "\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2\n ", "http://www.openwall.com/lists/oss-security/2019/06/11/2", "http://www.securityfocus.com/bid/108751", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749", 
@@ -3394,13 +3367,13 @@ "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.", "Severity": "HIGH", "References": [ - "\nhttps://access.redhat.com/articles/2786581\nhttp://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html\n ", "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html", "http://www.openwall.com/lists/oss-security/2016/11/14/13", "http://www.openwall.com/lists/oss-security/2016/11/15/1", "http://www.openwall.com/lists/oss-security/2016/11/15/4", "http://www.openwall.com/lists/oss-security/2016/11/16/6", "http://www.securityfocus.com/bid/94315", + "https://access.redhat.com/articles/2786581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484", "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb" ] @@ -3873,7 +3846,6 @@ "Description": "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.", "Severity": "HIGH", "References": [ - "\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-54.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html", "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html", 
@@ -3927,13 +3899,13 @@ "Description": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50.", "Severity": "HIGH", "References": [ - "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063\n ", "http://www.securityfocus.com/bid/94337", "http://www.securitytracker.com/id/1037298", "http://www.securitytracker.com/id/1039427", "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063", "https://www.debian.org/security/2017/dsa-3898", + "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063", "https://www.mozilla.org/security/advisories/mfsa2016-89/" ] }, @@ -4011,7 +3983,6 @@ "Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.", "Severity": "MEDIUM", "References": [ - "\nhttps://libexpat.github.io/doc/cve-2017-9233/\n ", "http://www.debian.org/security/2017/dsa-3898", "http://www.openwall.com/lists/oss-security/2017/06/17/7", "http://www.securityfocus.com/bid/99276", @@ -4128,7 +4099,6 @@ "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90103", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226", 
@@ -4145,7 +4115,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487", @@ -4161,7 +4130,6 @@ "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90025", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488", @@ -4177,7 +4145,6 @@ "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90017", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489", @@ -4193,7 +4160,6 @@ "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90019", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490", 
@@ -4209,7 +4175,6 @@ "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90016", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491", @@ -4226,7 +4191,6 @@ "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492", @@ -4243,7 +4207,6 @@ "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.", "Severity": "MEDIUM", "References": [ - "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ", "http://www.openwall.com/lists/oss-security/2016/05/05/5", "http://www.securityfocus.com/bid/90014", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493", 
@@ -4638,7 +4601,6 @@ "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/", @@ -4655,7 +4617,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", @@ -4671,7 +4632,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", 
@@ -4758,7 +4718,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -4990,7 +4949,6 @@
 "Description": "The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17048\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html",
 "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html",
 "http://seclists.org/fulldisclosure/2019/Jun/18",
@@ -5260,7 +5218,7 @@
 "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ",
+ "https://access.redhat.com/articles/4264021",
 "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
 "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
 "https://twitter.com/lambdafu/status/1147162583969009664"
@@ -5321,7 +5279,6 @@
 "Description": "Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77\n ",
 "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77",
 "http://seclists.org/oss-sec/2014/q3/266",
 "http://www.debian.org/security/2014/dsa-3005",
@@ -5564,7 +5521,6 @@
 "Description": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.ocert.org/advisories/ocert-2015-002.html\n ",
 "http://advisories.mageia.org/MGASA-2015-0061.html",
 "http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4",
 "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html",
@@ -5619,7 +5575,6 @@
 "Description": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102D.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94098",
 "http://www.securitytracker.com/id/1037192",
@@ -5641,7 +5596,6 @@
 "Description": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102E.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94100",
 "http://www.securitytracker.com/id/1037192",
@@ -5664,7 +5618,6 @@
 "Description": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102H.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94105",
 "http://www.securitytracker.com/id/1037192",
@@ -5686,7 +5639,6 @@
 "Description": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_2017-ae72.html\n ",
 "http://security.cucumberlinux.com/security/details.php?id=162",
 "http://www.securityfocus.com/bid/102057",
 "http://www.securitytracker.com/id/1039897",
@@ -5707,7 +5659,6 @@
 "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://curl.haxx.se/docs/CVE-2019-5482.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
 "https://curl.haxx.se/docs/CVE-2019-5482.html",
@@ -5725,7 +5676,6 @@
 "Description": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://curl.haxx.se/docs/adv_20150429.html\n ",
 "http://curl.haxx.se/docs/adv_20150429.html",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743",
 "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
@@ -5782,7 +5732,6 @@
 "Description": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94096",
 "http://www.securitytracker.com/id/1037192",
@@ -5805,7 +5754,6 @@
 "Description": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102B.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94094",
 "http://www.securitytracker.com/id/1037192",
@@ -5828,7 +5776,6 @@
 "Description": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102C.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94097",
 "http://www.securitytracker.com/id/1037192",
@@ -5851,7 +5798,6 @@
 "Description": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102G.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94101",
 "http://www.securitytracker.com/id/1037192",
@@ -5874,7 +5820,6 @@
 "Description": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102I.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94106",
 "http://www.securitytracker.com/id/1037192",
@@ -5897,7 +5842,6 @@
 "Description": "curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102J.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/94103",
 "http://www.securitytracker.com/id/1037192",
@@ -5919,7 +5863,6 @@
 "Description": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161102K.html\n ",
 "http://www.securityfocus.com/bid/94107",
 "http://www.securitytracker.com/id/1037192",
 "https://access.redhat.com/errata/RHSA-2018:2486",
@@ -5941,7 +5884,6 @@
 "Description": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20161221A.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "http://www.securityfocus.com/bid/95019",
 "http://www.securitytracker.com/id/1037515",
@@ -5963,7 +5905,6 @@
 "Description": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170809B.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/100286",
 "http://www.securitytracker.com/id/1039118",
@@ -5983,7 +5924,6 @@
 "Description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20171004.html\n ",
 "http://www.debian.org/security/2017/dsa-3992",
 "http://www.securityfocus.com/bid/101115",
 "http://www.securitytracker.com/id/1039509",
@@ -6022,9 +5962,9 @@
 "Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
 "Severity": "LOW",
 "References": [
- "\nhttps://curl.haxx.se/docs/adv_20170403.html\n ",
 "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
 "https://access.redhat.com/errata/RHSA-2018:3558",
+ "https://curl.haxx.se/docs/adv_20170403.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407",
 "https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13",
 "https://security.gentoo.org/glsa/201709-14"
@@ -6039,7 +5979,6 @@
 "Description": "set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.",
 "Severity": "LOW",
 "References": [
- "\nhttp://git.savannah.gnu.org/cgit/wget.git/tree/NEWS\n ",
 "http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS",
 "http://www.securityfocus.com/bid/106358",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20483",
@@ -6105,7 +6044,6 @@
 "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ",
 "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
 "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
 "http://www.securitytracker.com/id/1034375",
@@ -6122,7 +6060,6 @@
 "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90103",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
@@ -6139,7 +6076,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
@@ -6155,7 +6091,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
@@ -6171,7 +6106,6 @@
 "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90017",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
@@ -6187,7 +6121,6 @@
 "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90019",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
@@ -6203,7 +6136,6 @@
 "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90016",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
@@ -6220,7 +6152,6 @@
 "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
@@ -6237,7 +6168,6 @@
 "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
@@ -6313,7 +6243,6 @@
 "Description": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html\nhttps://eprint.iacr.org/2017/627\n ",
 "http://www.securityfocus.com/bid/99338",
 "http://www.securitytracker.com/id/1038915",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526",
@@ -6338,11 +6267,11 @@
 "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html",
 "https://dev.gnupg.org/T4541",
 "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020",
- "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762"
+ "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762",
+ "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html"
 ]
 },
 {
@@ -6642,7 +6571,6 @@
 "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blog.semmle.com/libssh2-integer-overflow/\n ",
 "https://blog.semmle.com/libssh2-integer-overflow/",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115",
 "https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa",
@@ -6660,7 +6588,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3859.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html",
@@ -6692,7 +6619,6 @@
 "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.libssh2.org/CVE-2019-3860.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
@@ -6731,7 +6657,6 @@
 "Description": "The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142\n ",
 "http://lists.opensuse.org/opensuse-updates/2015-11/msg00054.html",
 "http://lists.opensuse.org/opensuse-updates/2016-04/msg00052.html",
 "http://www.securitytracker.com/id/1034375",
@@ -6748,7 +6673,6 @@
 "Description": "Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90103",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226",
@@ -6765,7 +6689,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487",
@@ -6781,7 +6704,6 @@
 "Description": "Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90025",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488",
@@ -6797,7 +6719,6 @@
 "Description": "Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90017",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489",
@@ -6813,7 +6734,6 @@
 "Description": "Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90019",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490",
@@ -6829,7 +6749,6 @@
 "Description": "The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\"",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90016",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491",
@@ -6846,7 +6765,6 @@
 "Description": "Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492",
@@ -6863,7 +6781,6 @@
 "Description": "The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926\n ",
 "http://www.openwall.com/lists/oss-security/2016/05/05/5",
 "http://www.securityfocus.com/bid/90014",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493",
@@ -7210,7 +7127,6 @@
 "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n ",
 "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
@@ -7230,6 +7146,7 @@
 "https://codereview.chromium.org/2127493002",
 "https://crbug.com/623378",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
+ "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "https://security.gentoo.org/glsa/201610-09",
 "https://security.gentoo.org/glsa/201701-37",
 "https://source.android.com/security/bulletin/2017-05-01",
@@ -7282,7 +7199,6 @@
 "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html\n ",
 "http://www.securitytracker.com/id/1040348",
 "https://access.redhat.com/errata/RHSA-2017:3401",
 "https://access.redhat.com/errata/RHSA-2018:0287",
@@ -7627,7 +7543,6 @@
 "Description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n ",
 "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html",
 "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html",
@@ -7647,6 +7562,7 @@
 "https://codereview.chromium.org/2127493002",
 "https://crbug.com/623378",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131",
+ "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
 "https://security.gentoo.org/glsa/201610-09",
 "https://security.gentoo.org/glsa/201701-37",
 "https://source.android.com/security/bulletin/2017-05-01",
@@ -7699,7 +7615,6 @@
 "Description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html\n ",
 "http://www.securitytracker.com/id/1040348",
 "https://access.redhat.com/errata/RHSA-2017:3401",
 "https://access.redhat.com/errata/RHSA-2018:0287",
@@ -8570,12 +8485,12 @@
 "Description": "Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw\n ",
 "http://www.securityfocus.com/bid/92385",
 "http://www.securitytracker.com/id/1036590",
 "http://www.ubuntu.com/usn/USN-3023-1",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1174015",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1951",
+ "https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw",
 "https://groups.google.com/forum/message/raw?msg=mozilla.dev.tech.nspr/dV4MyMsg6jw/hhWcXOgJDQAJ",
 "https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2"
 ]
@@ -8836,7 +8751,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -8889,6 +8803,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -8949,7 +8864,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -8972,6 +8886,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
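Review bot: The removed reference line in the @@ -8949 hunk bundled three URLs (`https://sweet32.info/`, the Red Hat article 2548661 and RHSA-2016:1940), but the companion @@ -8972 hunk re-adds only the RHSA entry; the Red Hat article is visible as existing context, while `https://sweet32.info/` does not appear on the new side of either hunk, so it may have been dropped instead of normalized. If it already sits further down the sorted array that is fine; otherwise the golden file silently loses the primary advisory link for this finding and the integration test will pin that loss. The same pattern recurs in the Sweet32 entries at the @@ -9606, @@ -10097 and @@ -10673 hunks, and in the zlib entries at @@ -2416/@@ -2436 and @@ -2457/@@ -2477 of ubuntu-1604.json.golden, where the removed line also carried `https://wiki.mozilla.org/images/0/09/Zlib-report.pdf` and only the docs.google.com URL is re-added. Worth confirming against the upstream vuln-list data before accepting these fixtures, since they define the scanner's expected output.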
@@ -9031,7 +8946,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -9039,6 +8953,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -9067,8 +8982,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -9080,7 +8995,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -9093,6 +9007,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -9147,10 +9062,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -9163,7 +9078,6 @@
 "Description": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html",
 "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html",
@@ -9176,6 +9090,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
+ "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA",
 "http://www.securityfocus.com/bid/75871",
 "http://www.securitytracker.com/id/1032910",
 "http://www.ubuntu.com/usn/USN-2696-1",
@@ -9230,10 +9145,10 @@
 "Description": "An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result \"POINT_AT_INFINITY\" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox \u003c 55.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781\n ",
 "http://www.securityfocus.com/bid/100383",
 "http://www.securitytracker.com/id/1039124",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1352039",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7781",
 "https://www.mozilla.org/security/advisories/mfsa2017-18/"
 ]
 },
@@ -9493,7 +9408,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -9546,6 +9460,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -9606,7 +9521,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -9629,6 +9543,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -9688,7 +9603,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -9696,6 +9610,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -9724,8 +9639,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -9984,7 +9899,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -10037,6 +9951,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -10097,7 +10012,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -10120,6 +10034,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -10179,7 +10094,6 @@
 "Description": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074\n ",
 "http://www.securityfocus.com/bid/94341",
 "http://www.securitytracker.com/id/1037298",
 "https://bugzilla.mozilla.org/show_bug.cgi?id=1293334",
@@ -10187,6 +10101,7 @@
 "https://security.gentoo.org/glsa/201701-15",
 "https://security.gentoo.org/glsa/201701-46",
 "https://www.debian.org/security/2016/dsa-3730",
+ "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9074",
 "https://www.mozilla.org/security/advisories/mfsa2016-89/",
 "https://www.mozilla.org/security/advisories/mfsa2016-90/",
 "https://www.mozilla.org/security/advisories/mfsa2016-93/"
@@ -10215,8 +10130,8 @@
 "Description": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes\n ",
- "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"
+ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508",
+ "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes"
 ]
 },
 {
@@ -10250,11 +10165,12 @@
 "Description": "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.openldap.org/lists/openldap-announce/201907/msg00001.html\nhttps://openldap.org/its/?findid=9052\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html",
 "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html",
+ "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565",
 "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html",
+ "https://openldap.org/its/?findid=9052",
 "https://usn.ubuntu.com/4078-1/",
 "https://usn.ubuntu.com/4078-2/",
 "https://www.openldap.org/its/index.cgi/?findid=9052",
@@ -10294,9 +10210,10 @@
 "Description": "An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)",
 "Severity": "LOW",
 "References": [
- "\nhttp://www.openldap.org/lists/openldap-announce/201907/msg00001.html\nhttps://openldap.org/its/?findid=9038\n ",
+ "http://www.openldap.org/lists/openldap-announce/201907/msg00001.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057",
 "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html",
+ "https://openldap.org/its/?findid=9038",
 "https://security.netapp.com/advisory/ntap-20190822-0004/",
 "https://usn.ubuntu.com/4078-1/",
 "https://usn.ubuntu.com/4078-2/",
@@ -10560,7 +10477,6 @@
 "Description": "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf\n ",
 "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727",
@@ -10613,6 +10529,7 @@
 "http://www.debian.org/security/2015/dsa-3316",
 "http://www.debian.org/security/2015/dsa-3339",
 "http://www.huawei.com/en/psirt/security-advisories/hw-454055",
+ "http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf",
 "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
 "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
@@ -10673,7 +10590,6 @@
 "Description": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sweet32.info/\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\n ",
 "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759",
 "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
 "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
@@ -10696,6 +10612,7 @@
 "http://www.splunk.com/view/SP-CAAAPSV",
 "http://www.splunk.com/view/SP-CAAAPUE",
 "https://access.redhat.com/articles/2548661",
+ "https://access.redhat.com/errata/RHSA-2016:1940",
 "https://access.redhat.com/errata/RHSA-2017:1216",
 "https://access.redhat.com/errata/RHSA-2017:2708",
 "https://access.redhat.com/errata/RHSA-2017:2709",
@@ -10989,7 +10906,6 @@
 "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
@@ -11006,7 +10922,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -11022,7 +10937,6 @@
 "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
@@ -11057,7 +10971,6 @@
 "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
@@ -11075,7 +10988,6 @@
 "Description": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123",
@@ -11098,7 +11010,6 @@
 "Description": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\n ",
 "http://seclists.org/oss-sec/2018/q2/122",
 "http://www.securityfocus.com/bid/104214",
 "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125",
@@ -11119,7 +11030,7 @@
 "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
 "Severity": "HIGH",
 "References": [
- "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ",
+ "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html",
 "http://www.securitytracker.com/id/1039890",
 "https://bugs.python.org/issue30657",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158",
@@ -11257,7 +11168,7 @@
 "Description": "CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)",
 "Severity": "HIGH",
 "References": [
- "\nhttp://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html\n ",
+ "http://python-security.readthedocs.io/vuln/cve-2017-1000158_pystring_decodeescape_integer_overflow.html",
 "http://www.securitytracker.com/id/1039890",
 "https://bugs.python.org/issue30657",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158",
@@ -11538,7 +11449,6 @@
 "Description": "The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.",
 "Severity": "HIGH",
 "References": [
- "\nhttp://zerodayinitiative.com/advisories/ZDI-15-570/\n ",
 "http://support.apple.com/kb/HT204941",
 "http://support.apple.com/kb/HT204942",
 "http://zerodayinitiative.com/advisories/ZDI-15-570/",
@@ -11599,7 +11509,6 @@
 "Description": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt\n ",
 "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html",
 "http://www.openwall.com/lists/oss-security/2016/07/01/1",
 "http://www.openwall.com/lists/oss-security/2016/07/01/2",
@@ -11649,10 +11558,10 @@
 "Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html\n ",
 "http://www.securityfocus.com/bid/98767",
 "http://www.securityfocus.com/bid/99950",
 "https://access.redhat.com/errata/RHSA-2017:1833",
+ "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7000",
 "https://security.gentoo.org/glsa/201709-15",
 "https://support.apple.com/HT207797",
@@ -11688,7 +11597,6 @@
 "Description": "Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html\n ",
 "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html",
 "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
 "https://crbug.com/952406",
@@ -11872,7 +11780,6 @@
 "Description": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://sintonen.fi/advisories/tar-extract-pathname-bypass.txt\n ",
 "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d",
 "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html",
 "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html",
@@ -11883,7 +11790,8 @@
 "http://www.ubuntu.com/usn/USN-3132-1",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321",
 "https://security.gentoo.org/glsa/201611-19",
- "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt"
+ "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt",
+ "https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt"
 ]
 },
 {
diff --git a/integration/testdata/ubuntu-1604.json.golden b/integration/testdata/ubuntu-1604.json.golden
index 48243089b2..76b29371c0 100644
--- a/integration/testdata/ubuntu-1604.json.golden
+++ b/integration/testdata/ubuntu-1604.json.golden
@@ -106,7 +106,7 @@
 "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ",
+ "https://access.redhat.com/articles/4264021",
 "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
 "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
 "https://twitter.com/lambdafu/status/1147162583969009664"
@@ -121,7 +121,7 @@
 "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ",
+ "https://access.redhat.com/articles/4264021",
 "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
 "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
 "https://twitter.com/lambdafu/status/1147162583969009664"
@@ -719,13 +719,13 @@
 "Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
 "Severity": "HIGH",
 "References": [
- "\nhttps://access.redhat.com/articles/2786581\nhttp://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html\n ",
 "http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html",
 "http://www.openwall.com/lists/oss-security/2016/11/14/13",
 "http://www.openwall.com/lists/oss-security/2016/11/15/1",
 "http://www.openwall.com/lists/oss-security/2016/11/15/4",
 "http://www.openwall.com/lists/oss-security/2016/11/16/6",
 "http://www.securityfocus.com/bid/94315",
+ "https://access.redhat.com/articles/2786581",
 "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4484",
 "https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb"
 ]
@@ -1217,7 +1217,6 @@
 "Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
 "Severity": "MEDIUM",
 "References": [
- "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/\n ",
 "http://www.securityfocus.com/bid/97067",
 "https://access.redhat.com/errata/RHSA-2018:2486",
 "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
@@ -1234,7 +1233,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", @@ -1250,7 +1248,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", @@ -2416,7 +2413,6 @@ "Description": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "Severity": "HIGH", "References": [ - "\nhttps://wiki.mozilla.org/images/0/09/Zlib-report.pdf\nhttps://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7\n ", "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", 
@@ -2436,6 +2432,7 @@ "https://access.redhat.com/errata/RHSA-2017:3453", "https://bugzilla.redhat.com/show_bug.cgi?id=1402346", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb", "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", "https://security.gentoo.org/glsa/201701-56", @@ -2457,7 +2454,6 @@ "Description": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.", "Severity": "HIGH", "References": [ - "\nhttps://wiki.mozilla.org/images/0/09/Zlib-report.pdf\nhttps://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7\n ", "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", @@ -2477,6 +2473,7 @@ "https://access.redhat.com/errata/RHSA-2017:3453", "https://bugzilla.redhat.com/show_bug.cgi?id=1402351", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811", "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", "https://security.gentoo.org/glsa/201701-56", 
@@ -2498,7 +2495,6 @@ "Description": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.", "Severity": "MEDIUM", "References": [ - "\nhttps://wiki.mozilla.org/images/0/09/Zlib-report.pdf\nhttps://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7\n ", "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", @@ -2516,6 +2512,7 @@ "https://access.redhat.com/errata/RHSA-2017:3453", "https://bugzilla.redhat.com/show_bug.cgi?id=1402345", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0", "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", "https://security.gentoo.org/glsa/201701-56", @@ -2536,7 +2533,6 @@ "Description": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.", "Severity": "MEDIUM", "References": [ - "\nhttps://wiki.mozilla.org/images/0/09/Zlib-report.pdf\nhttps://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7\n ", "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html", "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html", 
@@ -2554,6 +2550,7 @@ "https://access.redhat.com/errata/RHSA-2017:3453", "https://bugzilla.redhat.com/show_bug.cgi?id=1402348", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842", + "https://docs.google.com/document/d/10i1KZS5so8xDqH2rplRa2xet0tyTvvJlLbQQmZIUIKE/edit#heading=h.t13tvnx4loq7", "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958", "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html", "https://security.gentoo.org/glsa/201701-56", diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index dc67f072c6..10e36561a3 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden @@ -89,7 +89,7 @@ "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", "Severity": "MEDIUM", "References": [ - "\nhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f\nhttps://access.redhat.com/articles/4264021\n ", + "https://access.redhat.com/articles/4264021", "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", "https://twitter.com/lambdafu/status/1147162583969009664" 
@@ -554,11 +554,11 @@ "Description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", "Severity": "MEDIUM", "References": [ - "\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html\n ", "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00049.html", "https://dev.gnupg.org/T4541", "https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020", - "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762" + "https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762", + "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html" ] }, { @@ -587,7 +587,6 @@ "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Severity": "LOW", "References": [ - "\nhttp://cat.eyalro.net/\n ", "http://cat.eyalro.net/", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html", "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.html", 
@@ -605,7 +604,6 @@ "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Severity": "LOW", "References": [ - "\nhttp://cat.eyalro.net/\n ", "http://cat.eyalro.net/", "http://www.securityfocus.com/bid/106092", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", @@ -638,7 +636,6 @@ "Description": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Severity": "LOW", "References": [ - "\nhttp://cat.eyalro.net/\n ", "http://cat.eyalro.net/", "http://www.securityfocus.com/bid/106092", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869", @@ -667,7 +664,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", 
@@ -683,7 +679,6 @@ "Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "Severity": "MEDIUM", "References": [ - "\nhttps://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/\n ", "http://www.securityfocus.com/bid/97067", "https://access.redhat.com/errata/RHSA-2018:2486", "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", diff --git a/pkg/db/db.go b/pkg/db/db.go index 84776fba0b..4bf5006775 100644 --- a/pkg/db/db.go +++ b/pkg/db/db.go @@ -19,6 +19,17 @@ var ( dbDir string ) +type Operations interface { + SetVersion(string) error + Update(string, string, string, interface{}) error + BatchUpdate(func(*bolt.Tx) error) error + PutNestedBucket(*bolt.Tx, string, string, string, interface{}) error + ForEach(string, string) (map[string][]byte, error) +} + +type Config struct { +} + func Init() (err error) { dbDir = filepath.Join(utils.CacheDir(), "db") if err = os.MkdirAll(dbDir, 0700); err != nil { 
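Review bot: The new exported `Operations` interface and `Config` type have no doc comments, and `Config` is an empty struct whose methods (in the following hunks) still read the package-level `db` handle, so the name promises per-instance configuration it does not provide. Proposed comments: `// Operations is the set of BoltDB accessors the vulnerability sources depend on; it exists so callers can substitute a mock.` and `// Config implements Operations against the package-level database opened by Init; it holds no state, and every Config value shares that handle.`. The `Init` body continues outside the hunk.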
@@ -68,17 +79,17 @@ func GetVersion() string { return version } -func SetVersion(version string) error { - err := Update("trivy", "metadata", "version", version) +func (dbc Config) SetVersion(version string) error { + err := dbc.Update("trivy", "metadata", "version", version) if err != nil { return xerrors.Errorf("failed to save DB version: %w", err) } return nil } -func Update(rootBucket, nestedBucket, key string, value interface{}) error { +func (dbc Config) Update(rootBucket, nestedBucket, key string, value interface{}) error { err := db.Update(func(tx *bolt.Tx) error { - return PutNestedBucket(tx, rootBucket, nestedBucket, key, value) + return dbc.PutNestedBucket(tx, rootBucket, nestedBucket, key, value) }) if err != nil { return xerrors.Errorf("error in db update: %w", err) @@ -86,13 +97,14 @@ func Update(rootBucket, nestedBucket, key string, value interface{}) error { return err } -func PutNestedBucket(tx *bolt.Tx, rootBucket, nestedBucket, key string, value interface{}) error { +func (dbc Config) PutNestedBucket(tx *bolt.Tx, rootBucket, nestedBucket, key string, value interface{}) error { root, err := tx.CreateBucketIfNotExists([]byte(rootBucket)) if err != nil { return xerrors.Errorf("failed to create a bucket: %w", err) } return Put(root, nestedBucket, key, value) } + func Put(root *bolt.Bucket, nestedBucket, key string, value interface{}) error { nested, err := root.CreateBucketIfNotExists([]byte(nestedBucket)) if err != nil { @@ -104,7 +116,8 @@ func Put(root *bolt.Bucket, nestedBucket, key string, value interface{}) error { } return nested.Put([]byte(key), v) } -func BatchUpdate(fn func(tx *bolt.Tx) error) error { + +func (dbc Config) BatchUpdate(fn func(tx *bolt.Tx) error) error { err := db.Batch(fn) if err != nil { return xerrors.Errorf("error in batch update: %w", err) 
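Review bot: The `dbc Config` receiver added to `SetVersion`, `Update`, `PutNestedBucket` and `BatchUpdate` here (and to `ForEach` in the next hunk) is never read; each method still goes to the package-level `db`, so the receiver is purely a test seam and readers will look for state on `Config` that does not exist. A one-line comment at the first method would settle that, e.g. `// Config methods ignore the receiver; they act on the package-level db opened by Init.`. Pre-existing rather than introduced here, `Update` still ends with `return err` after the `if err != nil` branch, where it is always nil; `return nil` says what is meant.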
@@ -131,7 +144,7 @@ func Get(rootBucket, nestedBucket, key string) (value []byte, err error) { return value, nil } -func ForEach(rootBucket, nestedBucket string) (value map[string][]byte, err error) { +func (dbc Config) ForEach(rootBucket, nestedBucket string) (value map[string][]byte, err error) { value = map[string][]byte{} err = db.View(func(tx *bolt.Tx) error { root := tx.Bucket([]byte(rootBucket)) diff --git a/pkg/db/db_mock.go b/pkg/db/db_mock.go new file mode 100644 index 0000000000..c6e0bbba66 --- /dev/null +++ b/pkg/db/db_mock.go @@ -0,0 +1,43 @@ +package db + +import ( + bolt "github.com/etcd-io/bbolt" + "github.com/stretchr/testify/mock" +) + +type MockDBConfig struct { + mock.Mock +} + +func (_m *MockDBConfig) SetVersion(version string) error { + ret := _m.Called(version) + return ret.Error(0) +} + +func (_m *MockDBConfig) Update(a, b, c string, d interface{}) error { + ret := _m.Called(a, b, c, d) + return ret.Error(0) +} + +func (_m *MockDBConfig) BatchUpdate(f func(*bolt.Tx) error) error { + ret := _m.Called(f) + return ret.Error(0) +} + +func (_m *MockDBConfig) PutNestedBucket(a *bolt.Tx, b, c, d string, e interface{}) error { + ret := _m.Called(a, b, c, d, e) + return ret.Error(0) +} + +func (_m *MockDBConfig) ForEach(a string, b string) (map[string][]byte, error) { + ret := _m.Called(a, b) + ret0 := ret.Get(0) + if ret0 == nil { + return nil, ret.Error(1) + } + r, ok := ret0.(map[string][]byte) + if !ok { + return nil, ret.Error(1) + } + return r, ret.Error(1) +} diff --git a/pkg/run.go b/pkg/run.go index 085a6c05e6..460741793d 100644 --- a/pkg/run.go +++ b/pkg/run.go @@ -113,7 +113,8 @@ func Run(c *cli.Context) (err error) { } } - if err = db.SetVersion(cliVersion); err != nil { + dbc := db.Config{} + if err = dbc.SetVersion(cliVersion); err != nil { return xerrors.Errorf("unexpected error: %w", err) } diff --git a/pkg/scanner/library/bundler/advisory.go b/pkg/scanner/library/bundler/advisory.go index ce8f69b6a9..87f0b8be20 100644 
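Review bot: `db_mock.go` is a non-`_test.go` file in package `db`, so `github.com/stretchr/testify/mock` is linked into the production build rather than the test build only; moving the mock into a `_test.go` file (or a separate test-support package) keeps testify out of the shipped binary's dependency graph. Separately, `MockDBConfig.ForEach` returns `nil, ret.Error(1)` when the configured return is not a `map[string][]byte`, which silently masks a mis-specified `.Return(...)` in a test; keep the `ret0 == nil` branch but let the wrong-type case fail loudly with `r := ret0.(map[string][]byte)`, as mockery-generated mocks do. A compile-time check `var _ Operations = (*MockDBConfig)(nil)` would also catch drift between the interface and the mock.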
--- a/pkg/scanner/library/bundler/advisory.go +++ b/pkg/scanner/library/bundler/advisory.go @@ -121,7 +121,8 @@ func (s *Scanner) walk() (AdvisoryDB, error) { } func (s *Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error { - return vulnerability.BatchUpdate(func(b *bbolt.Bucket) error { + vdb := vulnerability.DB{} + return vdb.BatchUpdate(func(b *bbolt.Bucket) error { for _, vuln := range vulns { if err := db.Put(b, vuln.ID, vulnerability.RubySec, vuln); err != nil { return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err) diff --git a/pkg/scanner/library/cargo/advisory.go b/pkg/scanner/library/cargo/advisory.go index 1f0bca403a..b36394edc0 100644 --- a/pkg/scanner/library/cargo/advisory.go +++ b/pkg/scanner/library/cargo/advisory.go @@ -104,7 +104,8 @@ func (s *Scanner) walk() (AdvisoryDB, error) { } func (s *Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error { - return vulnerability.BatchUpdate(func(b *bbolt.Bucket) error { + vdb := vulnerability.DB{} + return vdb.BatchUpdate(func(b *bbolt.Bucket) error { for _, vuln := range vulns { if err := db.Put(b, vuln.ID, vulnerability.RustSec, vuln); err != nil { return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err) diff --git a/pkg/scanner/library/composer/advisory.go b/pkg/scanner/library/composer/advisory.go index 2c4e7b8ad3..251592aa9f 100644 --- a/pkg/scanner/library/composer/advisory.go +++ b/pkg/scanner/library/composer/advisory.go @@ -101,7 +101,8 @@ func (s *Scanner) walk() (AdvisoryDB, error) { } func (s Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error { - return vulnerability.BatchUpdate(func(b *bbolt.Bucket) error { + vdb := vulnerability.DB{} + return vdb.BatchUpdate(func(b *bbolt.Bucket) error { for _, vuln := range vulns { if err := db.Put(b, vuln.ID, vulnerability.PhpSecurityAdvisories, vuln); err != nil { return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err) 
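Review bot: `vdb := vulnerability.DB{}` is constructed inside `saveVulnerabilities`, so the scanner stays hard-wired to the real store and the new `vulnerability.Operations` seam cannot be used to test this method; the same pattern appears in the cargo and composer hunks on this line and in the node and python hunks that follow. The amazon source added in this commit shows the alternative: hold the dependency as a field (`vdb vulnerability.Operations`) populated by the constructor and call `s.vdb.BatchUpdate(...)`. Each `saveVulnerabilities` body continues outside its hunk.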
diff --git a/pkg/scanner/library/node/advisory.go b/pkg/scanner/library/node/advisory.go index b89de56ea9..ffff075b76 100644 --- a/pkg/scanner/library/node/advisory.go +++ b/pkg/scanner/library/node/advisory.go @@ -115,7 +115,8 @@ func (s *Scanner) walk() (AdvisoryDB, error) { } func (s Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error { - return vulnerability.BatchUpdate(func(b *bbolt.Bucket) error { + vdb := vulnerability.DB{} + return vdb.BatchUpdate(func(b *bbolt.Bucket) error { for _, vuln := range vulns { if err := db.Put(b, vuln.ID, vulnerability.NodejsSecurityWg, vuln); err != nil { return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err) diff --git a/pkg/scanner/library/python/advisory.go b/pkg/scanner/library/python/advisory.go index 2531c67690..2e8654e0a2 100644 --- a/pkg/scanner/library/python/advisory.go +++ b/pkg/scanner/library/python/advisory.go @@ -82,7 +82,8 @@ func (s *Scanner) parse() (AdvisoryDB, error) { } func (s Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error { - return vulnerability.BatchUpdate(func(b *bbolt.Bucket) error { + vdb := vulnerability.DB{} + return vdb.BatchUpdate(func(b *bbolt.Bucket) error { for _, vuln := range vulns { if err := db.Put(b, vuln.ID, vulnerability.PythonSafetyDB, vuln); err != nil { return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err) diff --git a/pkg/scanner/ospkg/amazon/amazon.go b/pkg/scanner/ospkg/amazon/amazon.go new file mode 100644 index 0000000000..b552d8483f --- /dev/null +++ b/pkg/scanner/ospkg/amazon/amazon.go 
@@ -0,0 +1,81 @@
+package amazon
+
+import (
+ "strings"
+
+ "go.uber.org/zap"
+
+ "github.com/aquasecurity/fanal/analyzer"
+ "github.com/aquasecurity/trivy/pkg/vulnsrc/amazon"
+ version "github.com/knqyf263/go-deb-version"
+ "golang.org/x/xerrors"
+
+ "github.com/aquasecurity/trivy/pkg/log"
+ "github.com/aquasecurity/trivy/pkg/scanner/utils"
+ "github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
+)
+
+type Scanner struct {
+ l *zap.SugaredLogger
+ ac amazon.Operations
+}
+
+func NewScanner() *Scanner {
+ return &Scanner{
+ l: log.Logger,
+ ac: amazon.NewVulnSrc(),
+ }
+}
+
+func (s *Scanner) Detect(osVer string, pkgs []analyzer.Package) ([]vulnerability.DetectedVulnerability, error) {
+ log.Logger.Info("Detecting Amazon Linux vulnerabilities...")
+
+ osVer = strings.Fields(osVer)[0]
+ if osVer != "2" {
+ osVer = "1"
+ }
+ log.Logger.Debugf("amazon: os version: %s", osVer)
+ log.Logger.Debugf("amazon: the number of packages: %d", len(pkgs))
+
+ var vulns []vulnerability.DetectedVulnerability
+ for _, pkg := range pkgs {
+ advisories, err := s.ac.Get(osVer, pkg.Name)
+ if err != nil {
+ return nil, xerrors.Errorf("failed to get amazon advisories: %w", err)
+ }
+
+ installed := utils.FormatVersion(pkg)
+ if installed == "" {
+ continue
+ }
+
+ installedVersion, err := version.NewVersion(installed)
+ if err != nil {
+ log.Logger.Debugf("failed to parse Amazon Linux installed package version: %s", err)
+ continue
+ }
+
+ for _, adv := range advisories {
+ fixedVersion, err := version.NewVersion(adv.FixedVersion)
+ if err != nil {
+ log.Logger.Debugf("failed to parse Amazon Linux package version: %s", err)
+ continue
+ }
+
+ if installedVersion.LessThan(fixedVersion) {
+ vuln := vulnerability.DetectedVulnerability{
+ VulnerabilityID: adv.VulnerabilityID,
+ PkgName: pkg.Name,
+ InstalledVersion: installed,
+ FixedVersion: adv.FixedVersion,
+ }
+ vulns = append(vulns, vuln)
+ }
+ }
+ }
+ return vulns, nil
+}
+
+func (s *Scanner) IsSupportedVersion(osFamily, osVer 
string) bool { + return true +} diff --git a/pkg/scanner/ospkg/amazon/amazon_test.go b/pkg/scanner/ospkg/amazon/amazon_test.go new file mode 100644 index 0000000000..413a6bf9b2 --- /dev/null +++ b/pkg/scanner/ospkg/amazon/amazon_test.go 
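Review bot: `osVer = strings.Fields(osVer)[0]` in `Detect` panics with an index out of range when `osVer` is empty or whitespace-only, because `strings.Fields` returns an empty slice; the caller in `ospkg.Scan` presumably forwards whatever the OS analyzer produced, so the guard belongs here: `if f := strings.Fields(osVer); len(f) > 0 && f[0] == "2" { osVer = "2" } else { osVer = "1" }`. The `l` field set by `NewScanner` is never read — every log call goes through `log.Logger` directly — so either log via `s.l` or drop the field. `IsSupportedVersion` returning `true` unconditionally deserves a comment stating that both Amazon Linux 1 and 2 are supported and any other version string is mapped to 1 in `Detect`.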
@@ -0,0 +1,168 @@ +package amazon + +import ( + "errors" + "testing" + + "go.uber.org/zap" + + "go.uber.org/zap/zapcore" + "go.uber.org/zap/zaptest/observer" + + "github.com/aquasecurity/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/log" + "github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability" + "github.com/stretchr/testify/assert" +) + +type MockAmazonConfig struct { + update func(string, map[string]struct{}) error + get func(string, string) ([]vulnerability.Advisory, error) +} + +func (mac MockAmazonConfig) Update(a string, b map[string]struct{}) error { + if mac.update != nil { + return mac.update(a, b) + } + return nil +} + +func (mac MockAmazonConfig) Get(a string, b string) ([]vulnerability.Advisory, error) { + if mac.get != nil { + return mac.get(a, b) + } + return []vulnerability.Advisory{}, nil +} + +func TestScanner_Detect(t *testing.T) { + t.Run("happy path", func(t *testing.T) { + zc, recorder := observer.New(zapcore.DebugLevel) + log.Logger = zap.New(zc).Sugar() + s := &Scanner{ + l: log.Logger, + ac: MockAmazonConfig{ + get: func(s string, s2 string) (advisories []vulnerability.Advisory, e error) { + return []vulnerability.Advisory{ + { + VulnerabilityID: "123", + FixedVersion: "3.0.0", + }, + }, nil + }, + }, + } + + vuls, err := s.Detect("3.1.0", []analyzer.Package{ + { + Name: "testpkg", + Version: "2.1.0", + Release: "hotfix", + SrcRelease: "test-hotfix", + SrcVersion: "2.1.0", + }, + { + Name: "foopkg", + }, + }) + assert.NoError(t, err) + assert.Equal(t, []vulnerability.DetectedVulnerability{ + { + VulnerabilityID: "123", + PkgName: "testpkg", + InstalledVersion: "2.1.0-hotfix", + FixedVersion: "3.0.0", + }, + }, vuls) + + loggedMessages := getAllLoggedLogs(recorder) + assert.Contains(t, loggedMessages, "amazon: os version: 1") + assert.Contains(t, loggedMessages, "amazon: the number of packages: 2") + }) + + t.Run("get vulnerabilities fails to fetch", func(t *testing.T) { + _ = log.InitLogger(true, false) + s := &Scanner{ + l: 
log.Logger, + ac: MockAmazonConfig{ + get: func(s string, s2 string) (advisories []vulnerability.Advisory, e error) { + return nil, errors.New("failed to fetch advisories") + }, + }, + } + vuls, err := s.Detect("foo", []analyzer.Package{ + { + Name: "testpkg", + }, + }) + assert.Equal(t, "failed to get amazon advisories: failed to fetch advisories", err.Error()) + assert.Empty(t, vuls) + }) + + t.Run("invalid installed package version", func(t *testing.T) { + zc, recorder := observer.New(zapcore.DebugLevel) + log.Logger = zap.New(zc).Sugar() + s := &Scanner{ + l: log.Logger, + ac: MockAmazonConfig{ + get: func(s string, s2 string) (advisories []vulnerability.Advisory, e error) { + return []vulnerability.Advisory{ + { + VulnerabilityID: "123", + FixedVersion: "3.0.0", + }, + }, nil + }, + }, + } + + vuls, err := s.Detect("3.1.0", []analyzer.Package{ + { + Name: "testpkg", + Version: "badsourceversion", + }, + }) + assert.NoError(t, err) + assert.Equal(t, []vulnerability.DetectedVulnerability(nil), vuls) + loggedMessages := getAllLoggedLogs(recorder) + assert.Contains(t, loggedMessages, "failed to parse Amazon Linux installed package version: upstream_version must start with digit") + }) + + t.Run("invalid fixed package version", func(t *testing.T) { + zc, recorder := observer.New(zapcore.DebugLevel) + log.Logger = zap.New(zc).Sugar() + s := &Scanner{ + l: log.Logger, + ac: MockAmazonConfig{ + get: func(s string, s2 string) (advisories []vulnerability.Advisory, e error) { + return []vulnerability.Advisory{ + { + VulnerabilityID: "123", + FixedVersion: "thisisbadversioning", + }, + }, nil + }, + }, + } + + vuls, err := s.Detect("3.1.0", []analyzer.Package{ + { + Name: "testpkg", + Version: "3.1.0", + }, + }) + assert.NoError(t, err) + assert.Equal(t, []vulnerability.DetectedVulnerability(nil), vuls) + loggedMessages := getAllLoggedLogs(recorder) + assert.Contains(t, loggedMessages, "failed to parse Amazon Linux package version: upstream_version must start with digit") 
+ }) + +} + +func getAllLoggedLogs(recorder *observer.ObservedLogs) []string { + allLogs := recorder.AllUntimed() + var loggedMessages []string + for _, l := range allLogs { + loggedMessages = append(loggedMessages, l.Message) + } + return loggedMessages +} diff --git a/pkg/scanner/ospkg/scan.go b/pkg/scanner/ospkg/scan.go index 2e3ee9b766..1732f9c5c2 100644 --- a/pkg/scanner/ospkg/scan.go +++ b/pkg/scanner/ospkg/scan.go @@ -15,6 +15,7 @@ import ( "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/scanner/ospkg/alpine" + "github.com/aquasecurity/trivy/pkg/scanner/ospkg/amazon" "github.com/aquasecurity/trivy/pkg/scanner/ospkg/debian" "github.com/aquasecurity/trivy/pkg/scanner/ospkg/redhat" "github.com/aquasecurity/trivy/pkg/scanner/ospkg/ubuntu" @@ -44,6 +45,8 @@ func Scan(files extractor.FileMap) (string, string, []vulnerability.DetectedVuln s = ubuntu.NewScanner() case fos.RedHat, fos.CentOS: s = redhat.NewScanner() + case fos.Amazon: + s = amazon.NewScanner() default: log.Logger.Warnf("unsupported os : %s", os.Family) return "", "", nil, nil diff --git a/pkg/utils/progress.go b/pkg/utils/progress.go index b01bd9dc19..6790e1141a 100644 --- a/pkg/utils/progress.go +++ b/pkg/utils/progress.go @@ -37,6 +37,7 @@ func (s *Spinner) Stop() { s.client.Stop() } +// TODO: Expose an interface for progressbar type ProgressBar struct { client *pb.ProgressBar } diff --git a/pkg/vulnsrc/alpine/alpine.go b/pkg/vulnsrc/alpine/alpine.go index 5ff3d917ab..ff742dc548 100644 --- a/pkg/vulnsrc/alpine/alpine.go +++ b/pkg/vulnsrc/alpine/alpine.go @@ -63,7 +63,8 @@ func Update(dir string, updatedFiles map[string]struct{}) error { func save(cves []AlpineCVE) error { log.Logger.Debug("Saving Alpine DB") - err := db.BatchUpdate(func(tx *bolt.Tx) error { + dbc := db.Config{} + err := dbc.BatchUpdate(func(tx *bolt.Tx) error { for _, cve := range cves { platformName := fmt.Sprintf(platformFormat, cve.Release) pkgName := cve.Package 
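Review bot: Each subtest in `TestScanner_Detect` assigns the package-global `log.Logger` and never restores it, so whichever case runs last leaves its observer (or the logger from `log.InitLogger`) installed for every later test in the package; `prev := log.Logger` followed by `defer func() { log.Logger = prev }()` at the top of the test keeps the cases independent. The error from `log.InitLogger(true, false)` is discarded with `_`, where an `assert.NoError` costs nothing. The `upstream_version must start with digit` assertions pin the exact wording of an error produced by the third-party version parser, which will break on a dependency bump with no change in `Detect`; checking the stable prefix `failed to parse Amazon Linux installed package version` is as meaningful.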
@@ -72,7 +73,7 @@ func save(cves []AlpineCVE) error { FixedVersion: cve.FixedVersion, Repository: cve.Repository, } - if err := db.PutNestedBucket(tx, platformName, pkgName, cve.VulnerabilityID, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, pkgName, cve.VulnerabilityID, advisory); err != nil { return xerrors.Errorf("failed to save alpine advisory: %w", err) } @@ -80,7 +81,8 @@ func save(cves []AlpineCVE) error { Title: cve.Subject, Description: cve.Description, } - if err := vulnerability.Put(tx, cve.VulnerabilityID, vulnerability.Alpine, vuln); err != nil { + vdb := vulnerability.DB{} + if err := vdb.Put(tx, cve.VulnerabilityID, vulnerability.Alpine, vuln); err != nil { return xerrors.Errorf("failed to save alpine vulnerability: %w", err) } } @@ -94,7 +96,7 @@ func save(cves []AlpineCVE) error { func Get(release string, pkgName string) ([]Advisory, error) { bucket := fmt.Sprintf(platformFormat, release) - advisories, err := db.ForEach(bucket, pkgName) + advisories, err := db.Config{}.ForEach(bucket, pkgName) if err != nil { return nil, xerrors.Errorf("error in Alpine foreach: %w", err) } diff --git a/pkg/vulnsrc/amazon/amazon.go b/pkg/vulnsrc/amazon/amazon.go new file mode 100644 index 0000000000..e4e66ad26c --- /dev/null +++ b/pkg/vulnsrc/amazon/amazon.go 
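Review bot: `vdb := vulnerability.DB{}` is declared inside the per-CVE loop body in the `@@ -80` hunk, while `dbc := db.Config{}` sits outside the loop in the preceding hunk; hoisting `vdb` next to `dbc`, or making both fields of an alpine source struct as `VulnSrc` does for amazon, reads consistently and leaves `save` mockable. `db.Config{}.ForEach(bucket, pkgName)` in `Get` constructs the value inline and likewise hard-wires the real store. The `save` loop and `Get` both continue outside their hunks.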
@@ -0,0 +1,199 @@
+package amazon
+
+import (
+ "encoding/json"
+ "fmt"
+ "io"
+ "path/filepath"
+ "strings"
+
+ "github.com/aquasecurity/trivy/pkg/db"
+ "github.com/aquasecurity/trivy/pkg/log"
+ "github.com/aquasecurity/trivy/pkg/utils"
+ "github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
+ "github.com/aquasecurity/vuln-list-update/amazon"
+ bolt "github.com/etcd-io/bbolt"
+ "golang.org/x/xerrors"
+)
+
+const (
+ amazonDir = "amazon"
+ platformFormat = "amazon linux %s"
+)
+
+var (
+ targetVersions = []string{"1", "2"}
+ fileWalker = utils.FileWalk // TODO: Remove once utils.go exposes an interface
+)
+
+type Operations interface {
+ Update(string, map[string]struct{}) error
+ Get(string, string) ([]vulnerability.Advisory, error)
+}
+
+type VulnSrc struct {
+ dbc db.Operations
+ vdb vulnerability.Operations
+ bar *utils.ProgressBar
+ alasList []alas
+}
+
+type alas struct {
+ Version string
+ amazon.ALAS
+}
+
+func NewVulnSrc() VulnSrc {
+ return VulnSrc{
+ dbc: db.Config{},
+ vdb: vulnerability.DB{},
+ }
+}
+
+func (vs VulnSrc) Update(dir string, updatedFiles map[string]struct{}) error {
+ rootDir := filepath.Join(dir, amazonDir)
+ targets, err := utils.FilterTargets(amazonDir, updatedFiles) //TODO: Untested
+ if err != nil {
+ return xerrors.Errorf("failed to filter target files: %w", err)
+ } else if len(targets) == 0 {
+ log.Logger.Debug("amazon: no updated file")
+ return nil
+ }
+ log.Logger.Debugf("Amazon Linux AMI Security Advisory updated files: %d", len(targets))
+
+ vs.bar = utils.PbStartNew(len(targets))
+ defer vs.bar.Finish()
+
+ err = fileWalker(rootDir, targets, vs.walkFunc)
+ if err != nil {
+ return xerrors.Errorf("error in amazon walk: %w", err)
+ }
+
+ if err = vs.save(); err != nil {
+ return xerrors.Errorf("error in amazon save: %w", err)
+ }
+
+ return nil
+}
+
+func (vs *VulnSrc) walkFunc(r io.Reader, path string) error {
+ paths := strings.Split(path, string(filepath.Separator))
+ if len(paths) < 2 {
+ return nil
+ }
+ version := 
paths[len(paths)-2]
+ if !utils.StringInSlice(version, targetVersions) {
+ log.Logger.Debugf("unsupported amazon version: %s", version)
+ return nil
+ }
+
+ var vuln amazon.ALAS
+ if err := json.NewDecoder(r).Decode(&vuln); err != nil {
+ return xerrors.Errorf("failed to decode amazon JSON: %w", err)
+ }
+
+ vs.alasList = append(vs.alasList, alas{
+ Version: version,
+ ALAS: vuln,
+ })
+ vs.bar.Increment()
+ return nil
+}
+
+func (vs VulnSrc) save() error {
+ log.Logger.Debug("Saving amazon DB")
+ err := vs.dbc.BatchUpdate(vs.commit())
+ if err != nil {
+ return xerrors.Errorf("error in batch update: %w", err)
+ }
+ return nil
+}
+
+// TODO: Cleanup the double layer of nested closures
+func (vs VulnSrc) commit() func(tx *bolt.Tx) error {
+ return vs.commitFunc
+}
+
+func (vs VulnSrc) commitFunc(tx *bolt.Tx) error {
+ for _, alas := range vs.alasList {
+ for _, cveID := range alas.CveIDs {
+ for _, pkg := range alas.Packages {
+ platformName := fmt.Sprintf(platformFormat, alas.Version)
+ advisory := vulnerability.Advisory{
+ VulnerabilityID: cveID,
+ FixedVersion: constructVersion(pkg.Epoch, pkg.Version, pkg.Release),
+ }
+ if err := vs.dbc.PutNestedBucket(tx, platformName, pkg.Name, cveID, advisory); err != nil {
+ return xerrors.Errorf("failed to save amazon advisory: %w", err)
+ }
+
+ var references []string
+ for _, ref := range alas.References {
+ references = append(references, ref.Href)
+ }
+
+ vuln := vulnerability.Vulnerability{
+ Severity: severityFromPriority(alas.Severity),
+ References: references,
+ Description: alas.Description,
+ Title: "",
+ }
+ if err := vs.vdb.Put(tx, cveID, vulnerability.Amazon, vuln); err != nil {
+ return xerrors.Errorf("failed to save amazon vulnerability: %w", err)
+ }
+ }
+ }
+ }
+ return nil
+}
+
+// Get returns a security advisory
+func (vs VulnSrc) Get(version string, pkgName string) ([]vulnerability.Advisory, error) {
+ bucket := fmt.Sprintf(platformFormat, version)
+ advisories, err := vs.dbc.ForEach(bucket, pkgName)
+ 
if err != nil {
+ return nil, xerrors.Errorf("error in amazon foreach: %w", err)
+ }
+ if len(advisories) == 0 {
+ return nil, nil
+ }
+
+ var results []vulnerability.Advisory
+ for _, v := range advisories {
+ var advisory vulnerability.Advisory
+ if err = json.Unmarshal(v, &advisory); err != nil {
+ return nil, xerrors.Errorf("failed to unmarshal amazon JSON: %w", err)
+ }
+ results = append(results, advisory)
+ }
+ return results, nil
+}
+
+func severityFromPriority(priority string) vulnerability.Severity {
+ switch priority {
+ case "low":
+ return vulnerability.SeverityLow
+ case "medium":
+ return vulnerability.SeverityMedium
+ case "important":
+ return vulnerability.SeverityHigh
+ case "critical":
+ return vulnerability.SeverityCritical
+ default:
+ return vulnerability.SeverityUnknown
+ }
+}
+
+func constructVersion(epoch, version, release string) string {
+ verStr := ""
+ if epoch != "0" && epoch != "" {
+ verStr += fmt.Sprintf("%s:", epoch)
+ }
+ verStr += version
+
+ if release != "" {
+ verStr += fmt.Sprintf("-%s", release)
+
+ }
+ return verStr
+}
diff --git a/pkg/vulnsrc/amazon/amazon_test.go b/pkg/vulnsrc/amazon/amazon_test.go new file mode 100644
index 0000000000..bed156bcd2
--- /dev/null
+++ b/pkg/vulnsrc/amazon/amazon_test.go
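Review bot: In `commitFunc` the `references` slice and the `vulnerability.Vulnerability` record are rebuilt and written with `vs.vdb.Put` once per package of each CVE, although they depend only on the ALAS entry, and `platformName` is recomputed per package though it depends only on `alas.Version`. Building them once per advisory and writing the vulnerability once per CVE removes the redundant marshalling and bucket writes, as below; note this also records a vulnerability for an advisory that lists no packages, which looks like the intended result but is a behaviour change to confirm. Separately, `Update` has a value receiver yet hands `vs.walkFunc` (a pointer-receiver method) to `fileWalker`, so `alasList` accumulates on Update's local copy and is then read by `vs.save()`; that works, but a comment such as `// walkFunc appends to this copy of vs; save() below reads the same copy` would spare the next reader the analysis. The `// Get returns a security advisory` comment should say it returns every advisory stored for the package in that platform bucket, or nil when there are none.
```go
func (vs VulnSrc) commitFunc(tx *bolt.Tx) error {
	for _, alas := range vs.alasList {
		// Everything below depends only on the advisory, not on the package.
		platformName := fmt.Sprintf(platformFormat, alas.Version)

		var references []string
		for _, ref := range alas.References {
			references = append(references, ref.Href)
		}
		vuln := vulnerability.Vulnerability{
			Severity:    severityFromPriority(alas.Severity),
			References:  references,
			Description: alas.Description,
			Title:       "",
		}

		for _, cveID := range alas.CveIDs {
			for _, pkg := range alas.Packages {
				// … unchanged: advisory construction and vs.dbc.PutNestedBucket …
			}
			// One vulnerability record per CVE, not one per package.
			if err := vs.vdb.Put(tx, cveID, vulnerability.Amazon, vuln); err != nil {
				return xerrors.Errorf("failed to save amazon vulnerability: %w", err)
			}
		}
	}
	return nil
}
```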
@@ -0,0 +1,397 @@ +package amazon + +import ( + "errors" + "io" + "os" + "strings" + "testing" + + bolt "github.com/etcd-io/bbolt" + "github.com/stretchr/testify/mock" + + "github.com/aquasecurity/trivy/pkg/db" + + "github.com/aquasecurity/vuln-list-update/amazon" + + "github.com/aquasecurity/trivy/pkg/utils" + + "github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability" + + "github.com/aquasecurity/trivy/pkg/log" + "github.com/stretchr/testify/assert" +) + +func TestMain(m *testing.M) { + err := log.InitLogger(false, true) + if err != nil { + log.Fatal(err) + } + utils.Quiet = true + os.Exit(m.Run()) +} + +func TestVulnSrc_Update(t *testing.T) { + testCases := []struct { + name string + cacheDir string + batchUpdateErr error + expectedError error + expectedVulns []vulnerability.Advisory + }{ + { + name: "happy path", + cacheDir: "testdata", + expectedError: nil, + }, + { + name: "cache dir doesnt exist", + cacheDir: "badpathdoesnotexist", + expectedError: errors.New("error in amazon walk: error in file walk: lstat badpathdoesnotexist/amazon: no such file or directory"), + }, + { + name: "unable to save amazon defintions", + cacheDir: "testdata", + batchUpdateErr: errors.New("unable to batch update"), + expectedError: errors.New("error in amazon save: error in batch update: unable to batch update"), + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + mockDBConfig := new(db.MockDBConfig) + mockDBConfig.On("BatchUpdate", mock.Anything).Return(tc.batchUpdateErr) + ac := VulnSrc{dbc: mockDBConfig} + + err := ac.Update(tc.cacheDir, map[string]struct{}{"amazon": {}}) + switch { + case tc.expectedError != nil: + assert.EqualError(t, err, tc.expectedError.Error(), tc.name) + default: + assert.NoError(t, err, tc.name) + } + }) + } +} + +func TestVulnSrc_Get(t *testing.T) { + type forEachReturn struct { + b map[string][]byte + err error + } + testCases := []struct { + name string + forEachFunc forEachReturn + expectedError error + expectedVulns 
[]vulnerability.Advisory + }{ + { + name: "happy path", + forEachFunc: forEachReturn{ + b: map[string][]byte{ + "advisory1": []byte(`{"VulnerabilityID":"123","FixedVersion":"2.0.0"}`), + }, + err: nil, + }, + expectedError: nil, + expectedVulns: []vulnerability.Advisory{{VulnerabilityID: "123", FixedVersion: "2.0.0"}}, + }, + { + name: "no advisories are returned", + forEachFunc: forEachReturn{b: nil, err: nil}, + expectedError: nil, + expectedVulns: []vulnerability.Advisory(nil), + }, + { + name: "amazon forEach return an error", + forEachFunc: forEachReturn{b: nil, err: errors.New("foreach func returned an error")}, + expectedError: errors.New("error in amazon foreach: foreach func returned an error"), + expectedVulns: nil, + }, + { + name: "failed to unmarshal amazon json", + forEachFunc: forEachReturn{b: map[string][]byte{"foo": []byte(`badbar`)}, err: nil}, + expectedError: errors.New("failed to unmarshal amazon JSON: invalid character 'b' looking for beginning of value"), + expectedVulns: nil, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + mockDBConfig := new(db.MockDBConfig) + mockDBConfig.On("ForEach", mock.Anything, mock.Anything).Return( + tc.forEachFunc.b, tc.forEachFunc.err, + ) + ac := VulnSrc{dbc: mockDBConfig} + + vuls, err := ac.Get("1.1.0", "testpkg") + switch { + case tc.expectedError != nil: + assert.EqualError(t, err, tc.expectedError.Error(), tc.name) + default: + assert.NoError(t, err, tc.name) + } + + assert.Equal(t, tc.expectedVulns, vuls, tc.name) + }) + } +} + +func TestSeverityFromPriority(t *testing.T) { + testCases := map[string]vulnerability.Severity{ + "low": vulnerability.SeverityLow, + "medium": vulnerability.SeverityMedium, + "important": vulnerability.SeverityHigh, + "critical": vulnerability.SeverityCritical, + "unknown": vulnerability.SeverityUnknown, + } + for k, v := range testCases { + assert.Equal(t, v, severityFromPriority(k)) + } +} + +func TestConstructVersion(t *testing.T) { + type 
inputCombination struct { + epoch string + version string + release string + } + + testCases := []struct { + name string + inc inputCombination + expectedVersion string + }{ + { + name: "happy path", + inc: inputCombination{ + epoch: "2", + version: "3", + release: "master", + }, + expectedVersion: "2:3-master", + }, + { + name: "no epoch", + inc: inputCombination{ + version: "2", + release: "master", + }, + expectedVersion: "2-master", + }, + { + name: "no release", + inc: inputCombination{ + epoch: "", + version: "2", + }, + expectedVersion: "2", + }, + { + name: "no epoch and release", + inc: inputCombination{ + version: "2", + }, + expectedVersion: "2", + }, + { + name: "no epoch release or version", + inc: inputCombination{}, + expectedVersion: "", + }, + } + + for _, tc := range testCases { + assert.Equal(t, tc.expectedVersion, constructVersion(tc.inc.epoch, tc.inc.version, tc.inc.release), tc.name) + } +} + +func TestVulnSrc_WalkFunc(t *testing.T) { + testCases := []struct { + name string + ioReader io.Reader + inputPath string + expectedALASList []alas + expectedError error + expectedLogs []string + }{ + { + name: "happy path", + ioReader: strings.NewReader(`{ +"id":"123", +"severity":"high" +}`), + inputPath: "1/2/1", + expectedALASList: []alas{ + { + Version: "2", + ALAS: amazon.ALAS{ + ID: "123", + Severity: "high", + }, + }, + }, + expectedError: nil, + }, + { + name: "amazon returns invalid json", + ioReader: strings.NewReader(`invalidjson`), + inputPath: "1/2/1", + expectedALASList: []alas(nil), + expectedError: errors.New("failed to decode amazon JSON: invalid character 'i' looking for beginning of value"), + }, + { + name: "unsupported amazon version", + inputPath: "foo/bar/baz", + expectedError: nil, + expectedLogs: []string{"unsupported amazon version: bar"}, + }, + { + name: "empty path", + inputPath: "", + expectedError: nil, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + ac := VulnSrc{ + bar: 
utils.PbStartNew(1), + } + + err := ac.walkFunc(tc.ioReader, tc.inputPath) + switch { + case tc.expectedError != nil: + assert.EqualError(t, err, tc.expectedError.Error(), tc.name) + default: + assert.NoError(t, err, tc.name) + } + + assert.Equal(t, tc.expectedALASList, ac.alasList, tc.name) + }) + } +} + +func TestVulnSrc_CommitFunc(t *testing.T) { + testCases := []struct { + name string + alasList []alas + putNestedBucketErr error + putErr error + expectedError error + }{ + { + name: "happy path", + alasList: []alas{ + { + Version: "123", + ALAS: amazon.ALAS{ + ID: "123", + Severity: "high", + CveIDs: []string{"CVE-2020-0001"}, + References: []amazon.Reference{ + { + ID: "fooref", + Href: "http://foo.bar/baz", + Title: "bartitle", + }, + }, + Packages: []amazon.Package{ + { + Name: "testpkg", + Epoch: "123", + Version: "456", + Release: "testing", + }, + }, + }, + }, + }, + }, + { + name: "failed to save Amazon advisory, PutNestedBucket() return an error", + alasList: []alas{ + { + Version: "123", + ALAS: amazon.ALAS{ + ID: "123", + Severity: "high", + CveIDs: []string{"CVE-2020-0001"}, + References: []amazon.Reference{ + { + ID: "fooref", + Href: "http://foo.bar/baz", + Title: "bartitle", + }, + }, + Packages: []amazon.Package{ + { + Name: "testpkg", + Epoch: "123", + Version: "456", + Release: "testing", + }, + }, + }, + }, + }, + putNestedBucketErr: errors.New("putnestedbucket failed to save"), + expectedError: errors.New("failed to save amazon advisory: putnestedbucket failed to save"), + }, + { + name: "failed to save Amazon advisory, Put() return an error", + alasList: []alas{ + { + Version: "123", + ALAS: amazon.ALAS{ + ID: "123", + Severity: "high", + CveIDs: []string{"CVE-2020-0001"}, + References: []amazon.Reference{ + { + ID: "fooref", + Href: "http://foo.bar/baz", + Title: "bartitle", + }, + }, + Packages: []amazon.Package{ + { + Name: "testpkg", + Epoch: "123", + Version: "456", + Release: "testing", + }, + }, + }, + }, + }, + putErr: 
errors.New("failed to commit to db"), + expectedError: errors.New("failed to save amazon vulnerability: failed to commit to db"), + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + mockDBConfig := new(db.MockDBConfig) + mockDBConfig.On("PutNestedBucket", + mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return( + tc.putNestedBucketErr, + ) + mockVulnDB := new(vulnerability.MockVulnDB) + mockVulnDB.On( + "Put", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return( + tc.putErr, + ) + + vs := VulnSrc{dbc: mockDBConfig, vdb: mockVulnDB, alasList: tc.alasList} + + err := vs.commitFunc(&bolt.Tx{WriteFlag: 0}) + switch { + case tc.expectedError != nil: + assert.EqualError(t, err, tc.expectedError.Error(), tc.name) + default: + assert.NoError(t, err, tc.name) + } + }) + } +} diff --git a/pkg/vulnsrc/amazon/testdata/amazon/.keep b/pkg/vulnsrc/amazon/testdata/amazon/.keep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pkg/vulnsrc/debian-oval/debian-oval.go b/pkg/vulnsrc/debian-oval/debian-oval.go index 6b754c1be4..eb0bea7b00 100644 --- a/pkg/vulnsrc/debian-oval/debian-oval.go +++ b/pkg/vulnsrc/debian-oval/debian-oval.go @@ -98,8 +98,9 @@ func walkDebian(cri Criteria, pkgs []Package) []Package { } func save(cves []DebianOVAL) error { + dbc := db.Config{} log.Logger.Debug("Saving Debian OVAL") - err := db.BatchUpdate(func(tx *bolt.Tx) error { + err := dbc.BatchUpdate(func(tx *bolt.Tx) error { for _, cve := range cves { affectedPkgs := walkDebian(cve.Criteria, []Package{}) for _, affectedPkg := range affectedPkgs { 
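Review bot: In TestVulnSrc_WalkFunc the `expectedLogs` field is declared and filled for the "unsupported amazon version" case but is never asserted, so the only thing that case checks is a nil error and the debug message could change or disappear without the test noticing; either assert against captured logger output or drop the field so the table does not promise a check it does not perform. Separately, the "cache dir doesnt exist" case in TestVulnSrc_Update pins the full OS error text (`no such file or directory`), which is platform-specific and ties the test to the exact wording of `lstat`; comparing with `assert.True(t, errors.Is(err, os.ErrNotExist))` plus `assert.Contains(t, err.Error(), "error in amazon walk")` keeps the intent without the brittleness, assuming the `%w` chain in Update/walk is preserved up to the `os.PathError` (not visible here). The "empty path" case passes `""` to walkFunc, whose guard for paths with fewer than two segments is above this hunk and not visible, so I could not confirm it is what makes `paths[len(paths)-2]` safe.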
@@ -114,7 +115,7 @@ func save(cves []DebianOVAL) error { VulnerabilityID: cveID, FixedVersion: affectedPkg.FixedVersion, } - if err := db.PutNestedBucket(tx, platformName, affectedPkg.Name, cveID, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, affectedPkg.Name, cveID, advisory); err != nil { return xerrors.Errorf("failed to save Debian OVAL advisory: %w", err) } @@ -128,7 +129,8 @@ func save(cves []DebianOVAL) error { References: references, } - if err := vulnerability.Put(tx, cveID, vulnerability.DebianOVAL, vuln); err != nil { + vdb := vulnerability.DB{} + if err := vdb.Put(tx, cveID, vulnerability.DebianOVAL, vuln); err != nil { return xerrors.Errorf("failed to save Debian OVAL vulnerability: %w", err) } } @@ -144,7 +146,7 @@ func save(cves []DebianOVAL) error { func Get(release string, pkgName string) ([]vulnerability.Advisory, error) { bucket := fmt.Sprintf(platformFormat, release) - advisories, err := db.ForEach(bucket, pkgName) + advisories, err := db.Config{}.ForEach(bucket, pkgName) if err != nil { return nil, xerrors.Errorf("error in Debian OVAL foreach: %w", err) } diff --git a/pkg/vulnsrc/debian/debian.go b/pkg/vulnsrc/debian/debian.go index 8c8d67446e..1290546381 100644 --- a/pkg/vulnsrc/debian/debian.go +++ b/pkg/vulnsrc/debian/debian.go @@ -73,8 +73,9 @@ func Update(dir string, updatedFiles map[string]struct{}) error { } func save(cves []DebianCVE) error { + dbc := db.Config{} log.Logger.Debug("Saving Debian DB") - err := db.BatchUpdate(func(tx *bolt.Tx) error { + err := dbc.BatchUpdate(func(tx *bolt.Tx) error { for _, cve := range cves { for _, release := range cve.Releases { for releaseStr := range release.Repositories { 
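Review bot: In the `@@ -128,7 +129,8 @@` hunk `vdb := vulnerability.DB{}` is created inside the innermost loop of save, once per CVE/package, while `dbc := db.Config{}` from the first hunk was hoisted to the top of the same function; the two should be declared together, `dbc := db.Config{}` followed by `vdb := vulnerability.DB{}`, and the in-loop line removed. DB is an empty struct so there is no runtime cost, but the asymmetry makes a reader wonder whether vdb carries per-iteration state. The same in-loop construction appears in debian.go (`@@ -98,8 +99,8 @@`), redhat.go (`@@ -175,7 +176,8 @@`) and ubuntu.go (`@@ -111,7 +112,8 @@`). save's body starts and ends outside these hunks.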
@@ -90,7 +91,7 @@ func save(cves []DebianCVE) error { VulnerabilityID: cve.VulnerabilityID, //Severity: severityFromUrgency(release.Urgency), } - if err := db.PutNestedBucket(tx, platformName, cve.Package, cve.VulnerabilityID, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, cve.Package, cve.VulnerabilityID, advisory); err != nil { return xerrors.Errorf("failed to save Debian advisory: %w", err) } @@ -98,8 +99,8 @@ func save(cves []DebianCVE) error { Severity: severityFromUrgency(release.Urgency), Description: cve.Description, } - - if err := vulnerability.Put(tx, cve.VulnerabilityID, vulnerability.Debian, vuln); err != nil { + vdb := vulnerability.DB{} + if err := vdb.Put(tx, cve.VulnerabilityID, vulnerability.Debian, vuln); err != nil { return xerrors.Errorf("failed to save Debian vulnerability: %w", err) } } @@ -116,7 +117,7 @@ func save(cves []DebianCVE) error { func Get(release string, pkgName string) ([]vulnerability.Advisory, error) { bucket := fmt.Sprintf(platformFormat, release) - advisories, err := db.ForEach(bucket, pkgName) + advisories, err := db.Config{}.ForEach(bucket, pkgName) if err != nil { return nil, xerrors.Errorf("error in Debian foreach: %w", err) } diff --git a/pkg/vulnsrc/nvd/nvd.go b/pkg/vulnsrc/nvd/nvd.go index d7e8345cce..7a6656a0a8 100644 --- a/pkg/vulnsrc/nvd/nvd.go +++ b/pkg/vulnsrc/nvd/nvd.go @@ -64,7 +64,8 @@ func Update(dir string, updatedFiles map[string]struct{}) error { func save(items []Item) error { log.Logger.Debug("NVD batch update") - err := vulnerability.BatchUpdate(func(b *bolt.Bucket) error { + vdb := vulnerability.DB{} + err := vdb.BatchUpdate(func(b *bolt.Bucket) error { for _, item := range items { cveID := item.Cve.Meta.ID severity, _ := vulnerability.NewSeverity(item.Impact.BaseMetricV2.Severity) diff --git a/pkg/vulnsrc/redhat/redhat.go b/pkg/vulnsrc/redhat/redhat.go index afb5f9bd6e..aa4b82815d 100644 --- a/pkg/vulnsrc/redhat/redhat.go +++ b/pkg/vulnsrc/redhat/redhat.go 
@@ -113,8 +113,9 @@ type pkg map[string]advisory type advisory map[string]interface{} func save(cves []RedhatCVE) error { + dbc := db.Config{} log.Logger.Debug("Saving RedHat DB") - err := db.BatchUpdate(func(tx *bolt.Tx) error { + err := dbc.BatchUpdate(func(tx *bolt.Tx) error { for _, cve := range cves { for _, affected := range cve.AffectedRelease { if affected.Package == "" { @@ -131,7 +132,7 @@ func save(cves []RedhatCVE) error { VulnerabilityID: cve.Name, FixedVersion: version, } - if err := db.PutNestedBucket(tx, platformName, pkgName, cve.Name, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, pkgName, cve.Name, advisory); err != nil { return xerrors.Errorf("failed to save Red Hat advisory: %w", err) } @@ -156,7 +157,7 @@ func save(cves []RedhatCVE) error { FixedVersion: "", VulnerabilityID: cve.Name, } - if err := db.PutNestedBucket(tx, platformName, pkgName, cve.Name, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, pkgName, cve.Name, advisory); err != nil { return xerrors.Errorf("failed to save Red Hat advisory: %w", err) } @@ -175,7 +176,8 @@ func save(cves []RedhatCVE) error { Title: strings.TrimSpace(title), Description: strings.TrimSpace(strings.Join(cve.Details, "")), } - if err := vulnerability.Put(tx, cve.Name, vulnerability.RedHat, vuln); err != nil { + vdb := vulnerability.DB{} + if err := vdb.Put(tx, cve.Name, vulnerability.RedHat, vuln); err != nil { return xerrors.Errorf("failed to save Red Hat vulnerability: %w", err) } } @@ -190,7 +192,7 @@ func save(cves []RedhatCVE) error { func Get(majorVersion string, pkgName string) ([]vulnerability.Advisory, error) { bucket := fmt.Sprintf(platformFormat, majorVersion) - advisories, err := db.ForEach(bucket, pkgName) + advisories, err := db.Config{}.ForEach(bucket, pkgName) if err != nil { return nil, xerrors.Errorf("error in Red Hat foreach: %w", err) } 
diff --git a/pkg/vulnsrc/ubuntu/ubuntu.go b/pkg/vulnsrc/ubuntu/ubuntu.go index 170907c8c2..4e597d90f1 100644 --- a/pkg/vulnsrc/ubuntu/ubuntu.go +++ b/pkg/vulnsrc/ubuntu/ubuntu.go @@ -80,8 +80,9 @@ func Update(dir string, updatedFiles map[string]struct{}) error { } func save(cves []UbuntuCVE) error { + dbc := db.Config{} log.Logger.Debug("Saving Ubuntu DB") - err := db.BatchUpdate(func(tx *bolt.Tx) error { + err := dbc.BatchUpdate(func(tx *bolt.Tx) error { for _, cve := range cves { for packageName, patch := range cve.Patches { pkgName := string(packageName) @@ -100,7 +101,7 @@ func save(cves []UbuntuCVE) error { if status.Status == "released" { advisory.FixedVersion = status.Note } - if err := db.PutNestedBucket(tx, platformName, pkgName, cve.Candidate, advisory); err != nil { + if err := dbc.PutNestedBucket(tx, platformName, pkgName, cve.Candidate, advisory); err != nil { return xerrors.Errorf("failed to save Ubuntu advisory: %w", err) } @@ -111,7 +112,8 @@ func save(cves []UbuntuCVE) error { // TODO Title: "", } - if err := vulnerability.Put(tx, cve.Candidate, vulnerability.Ubuntu, vuln); err != nil { + vdb := vulnerability.DB{} + if err := vdb.Put(tx, cve.Candidate, vulnerability.Ubuntu, vuln); err != nil { return xerrors.Errorf("failed to save Ubuntu vulnerability: %w", err) } } @@ -127,7 +129,7 @@ func save(cves []UbuntuCVE) error { func Get(release string, pkgName string) ([]vulnerability.Advisory, error) { bucket := fmt.Sprintf(platformFormat, release) - advisories, err := db.ForEach(bucket, pkgName) + advisories, err := db.Config{}.ForEach(bucket, pkgName) if err != nil { return nil, xerrors.Errorf("error in Ubuntu foreach: %w", err) } diff --git a/pkg/vulnsrc/vulnerability/db.go b/pkg/vulnsrc/vulnerability/db.go index 86df51e157..bc8139edcd 100644 --- a/pkg/vulnsrc/vulnerability/db.go +++ b/pkg/vulnsrc/vulnerability/db.go 
@@ -12,7 +12,17 @@ const ( rootBucket = "vulnerability" ) -func Put(tx *bolt.Tx, cveID, source string, vuln Vulnerability) error { +type Operations interface { + Put(*bolt.Tx, string, string, Vulnerability) error + Update(string, string, Vulnerability) error + BatchUpdate(func(bucket *bolt.Bucket) error) error + Get(string) (map[string]Vulnerability, error) +} + +type DB struct { +} + +func (d DB) Put(tx *bolt.Tx, cveID, source string, vuln Vulnerability) error { root, err := tx.CreateBucketIfNotExists([]byte(rootBucket)) if err != nil { return err @@ -20,12 +30,12 @@ func Put(tx *bolt.Tx, cveID, source string, vuln Vulnerability) error { return db.Put(root, cveID, source, vuln) } -func Update(cveID, source string, vuln Vulnerability) error { - return db.Update(rootBucket, cveID, source, vuln) +func (d DB) Update(cveID, source string, vuln Vulnerability) error { + return db.Config{}.Update(rootBucket, cveID, source, vuln) } -func BatchUpdate(fn func(b *bolt.Bucket) error) error { - return db.BatchUpdate(func(tx *bolt.Tx) error { +func (d DB) BatchUpdate(fn func(b *bolt.Bucket) error) error { + return db.Config{}.BatchUpdate(func(tx *bolt.Tx) error { root, err := tx.CreateBucketIfNotExists([]byte(rootBucket)) if err != nil { return err @@ -34,8 +44,8 @@ func BatchUpdate(fn func(b *bolt.Bucket) error) error { }) } -func Get(cveID string) (map[string]Vulnerability, error) { - values, err := db.ForEach(rootBucket, cveID) +func (d DB) Get(cveID string) (map[string]Vulnerability, error) { + values, err := db.Config{}.ForEach(rootBucket, cveID) if err != nil { return nil, xerrors.Errorf("error in NVD get: %w", err) } diff --git a/pkg/vulnsrc/vulnerability/db_mock.go b/pkg/vulnsrc/vulnerability/db_mock.go new file mode 100644 index 0000000000..9f0d2151c3 --- /dev/null +++ b/pkg/vulnsrc/vulnerability/db_mock.go 
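Review bot: The newly exported `Operations` interface and `DB` type have no doc comments, and `Put` in the interface is the only method with unnamed parameters, so a caller reading the interface cannot tell which string is the CVE ID and which is the source; write it as `Put(tx *bolt.Tx, cveID, source string, vuln Vulnerability) error` to match the `(d DB) Put` signature below it. A comment such as `// Operations is the set of vulnerability-store calls a vulnerability source needs; DB is the bbolt-backed implementation.` would cover both names. Adding `var _ Operations = DB{}` next to the type declaration makes the compiler catch the interface and implementation drifting apart, which matters now that tests substitute a mock for DB.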
@@ -0,0 +1,38 @@ +package vulnerability + +import ( + bolt "github.com/etcd-io/bbolt" + "github.com/stretchr/testify/mock" +) + +type MockVulnDB struct { + mock.Mock +} + +func (_m *MockVulnDB) Update(a, b string, c Vulnerability) error { + ret := _m.Called(a, b, c) + return ret.Error(0) +} + +func (_m *MockVulnDB) BatchUpdate(f func(bucket *bolt.Bucket) error) error { + ret := _m.Called(f) + return ret.Error(0) +} + +func (_m *MockVulnDB) Get(a string) (map[string]Vulnerability, error) { + ret := _m.Called(a) + ret0 := ret.Get(0) + if ret0 == nil { + return nil, ret.Error(1) + } + r, ok := ret0.(map[string]Vulnerability) + if !ok { + return nil, ret.Error(1) + } + return r, ret.Error(1) +} + +func (_m *MockVulnDB) Put(tx *bolt.Tx, cveID, source string, vuln Vulnerability) error { + ret := _m.Called(tx, cveID, source, vuln) + return ret.Error(0) +} diff --git a/pkg/vulnsrc/vulnerability/vulnerability.go b/pkg/vulnsrc/vulnerability/vulnerability.go index e1cc61dbf2..9641955c7a 100644 --- a/pkg/vulnsrc/vulnerability/vulnerability.go +++ b/pkg/vulnsrc/vulnerability/vulnerability.go @@ -18,7 +18,7 @@ const ( ) var ( - sources = []string{Nvd, RedHat, Debian, DebianOVAL, Alpine, + sources = []string{Nvd, RedHat, Debian, DebianOVAL, Alpine, Amazon, RubySec, RustSec, PhpSecurityAdvisories, NodejsSecurityWg, PythonSafetyDB} getDetailFunc = getDetail ) @@ -84,7 +84,7 @@ func getIgnoredIDs(ignoreFile string) []string { } func getDetail(vulnID string) (Severity, string, string, []string) { - details, err := Get(vulnID) + details, err := DB{}.Get(vulnID) if err != nil { log.Logger.Debug(err) return SeverityUnknown, "", "", nil 
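Review bot: `db_mock.go` is not a `_test.go` file, so `MockVulnDB` and its import of `github.com/stretchr/testify/mock` are compiled into the non-test `vulnerability` package and therefore into the shipped binary, turning a test-only dependency (and whatever it pulls in transitively) into a production one for every consumer of the module; since amazon_test.go in another package needs the mock, it cannot simply become `_test.go`, but it could live in a separate test-support package that production code never imports. In `Get`, a failed type assertion on `ret.Get(0)` silently returns `nil, ret.Error(1)`, which masks a mis-set expectation as a "not found" result; a mock should fail loudly, so `return ret.Get(0).(map[string]Vulnerability), ret.Error(1)` after the nil check is preferable. The receiver name `_m` also departs from the short-receiver convention used elsewhere in this package (`d DB`).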
@@ -141,12 +141,20 @@ func getDescription(details map[string]Vulnerability) string { func getReferences(details map[string]Vulnerability) []string { references := map[string]struct{}{} for _, source := range sources { + // Amazon contains unrelated references + if source == Amazon { + continue + } d, ok := details[source] if !ok { continue } for _, ref := range d.References { - references[ref] = struct{}{} + // e.g. "\nhttps://curl.haxx.se/docs/CVE-2019-5481.html\n " + ref = strings.TrimSpace(ref) + for _, r := range strings.Split(ref, "\n") { + references[r] = struct{}{} + } } } var refs []string diff --git a/pkg/vulnsrc/vulnsrc.go b/pkg/vulnsrc/vulnsrc.go index 03baa19864..a7bcd971e3 100644 --- a/pkg/vulnsrc/vulnsrc.go +++ b/pkg/vulnsrc/vulnsrc.go @@ -7,6 +7,7 @@ import ( "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/utils" "github.com/aquasecurity/trivy/pkg/vulnsrc/alpine" + "github.com/aquasecurity/trivy/pkg/vulnsrc/amazon" "github.com/aquasecurity/trivy/pkg/vulnsrc/debian" debianoval "github.com/aquasecurity/trivy/pkg/vulnsrc/debian-oval" "github.com/aquasecurity/trivy/pkg/vulnsrc/nvd" @@ -32,6 +33,7 @@ var ( vulnerability.Debian: debian.Update, vulnerability.DebianOVAL: debianoval.Update, vulnerability.Ubuntu: ubuntu.Update, + vulnerability.Amazon: amazon.NewVulnSrc().Update, } ) diff --git a/pkg/vulnsrc/vulnsrc_test.go b/pkg/vulnsrc/vulnsrc_test.go index d11ea5fd27..58517e5f8f 100644 --- a/pkg/vulnsrc/vulnsrc_test.go +++ b/pkg/vulnsrc/vulnsrc_test.go @@ -26,8 +26,9 @@ func BenchmarkUpdate(b *testing.B) { b.ResetTimer() b.Run("NVD", func(b *testing.B) { + dbc := db.Config{} for i := 0; i < b.N; i++ { - if err := db.SetVersion(""); err != nil { + if err := dbc.SetVersion(""); err != nil { b.Fatal(err) } if err := Update([]string{vulnerability.Nvd}); err != nil {
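Review bot: After `strings.Split(ref, "\n")` each piece `r` is inserted into the set without trimming and without an empty check, so the outer `TrimSpace` only fixes the first and last line of a multi-line reference: an inner line with leading whitespace becomes a distinct key, and a reference that is entirely whitespace yields an empty-string reference in the output. Inside the inner loop, `r = strings.TrimSpace(r)` followed by `if r == "" { continue }` closes both gaps. The Amazon skip is a source-wide exclusion, so a one-word reason in the comment for why its references are considered unrelated would help the next reader; getReferences continues past the end of this hunk.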