Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:A9DBFD2484BF1F3091FEB89E228E9BB3
HistoryFeb 29, 2024 - 12:00 a.m.

USN-6627-1: libde265 vulnerabilities | Cloud Foundry

2024-02-2900:00:00
Cloud Foundry
www.cloudfoundry.org
6
canonical ubuntu
cloud foundry
libde265
out of bounds
denial of service
execute arbitrary code
memory management
logical error
vulnerability fix
cflinuxfs4
cf deployment
mitigation
upgrade
cve-2021-36408
cve-2021-35452
cve-2021-36409
cve-2021-36410
cve-2021-36411
cve-2022-1253
cve-2022-43235
cve-2022-43236
cve-2022-43237
cve-2022-43238
cve-2022-43239
cve-2022-43240
cve-2022-43241
cve-2022-43242
cve-2022-43243
cve-2022-43248

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.6%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 22.04

Description

It was discovered that libde265 could be made to read out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-35452, CVE-2021-36411, CVE-2022-43238, CVE-2022-43241, CVE-2022-43242) It was discovered that libde265 did not properly manage memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-36408) It was discovered that libde265 contained a logical error. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. (CVE-2021-36409) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-36410, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43239, CVE-2022-43240, CVE-2022-43243, CVE-2022-43248, CVE-2022-43252, CVE-2022-43253) It was discovered that libde265 could be made to write out of bounds. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1253) Update Instructions: Run sudo pro fix USN-6627-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libde265-0 – 1.0.4-1ubuntu0.2 libde265-examples – 1.0.4-1ubuntu0.2 libde265-dev – 1.0.4-1ubuntu0.2 No subscription required

CVEs contained in this USN include: CVE-2021-36408, CVE-2021-35452, CVE-2021-36409, CVE-2021-36410, CVE-2021-36411, CVE-2022-1253, CVE-2022-43235, CVE-2022-43236, CVE-2022-43237, CVE-2022-43238, CVE-2022-43239, CVE-2022-43240, CVE-2022-43241, CVE-2022-43242, CVE-2022-43243, CVE-2022-43248, CVE-2022-43252, CVE-2022-43253.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • cflinuxfs4
    • All versions prior to 1.71.0
  • CF Deployment
    • All versions prior to 37.5.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below.

The Cloud Foundry project recommends upgrading the following releases:

  • cflinuxfs4
    • Upgrade all versions to 1.71.0 or greater
  • CF Deployment
    • Upgrade all versions to 37.5.0 or greater

References

History

2024-02-29: Initial vulnerability report published.

CPENameOperatorVersion
cflinuxfs4lt1.71.0
cf deploymentlt37.5.0

Related

openvas 6
nessus 6
ubuntu 2
osv 23
debian 3
freebsd 1
mageia 1
veracode 18
prion 18
debiancve 18
alpinelinux 18
ubuntucve 18
cnvd 5
cve 18
huntr 1
avleonov 1
openvas
openvas
Ubuntu: Security Advisory (USN-6627-1)
2024-02-09 00:00:00
Debian: Security Advisory (DLA-3280-1)
2023-01-25 00:00:00
Mageia: Security Advisory (MGASA-2023-0093)
2023-03-28 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : libde265 vulnerabilities (USN-6627-1)
2024-02-08 00:00:00
Debian DLA-3240-1 : libde265 - LTS security update
2022-12-16 00:00:00
Debian DLA-3280-1 : libde265 - LTS security update
2023-01-25 00:00:00
ubuntu
ubuntu
libde265 vulnerabilities
2024-02-08 00:00:00
libde265 vulnerabilities
2024-01-30 00:00:00
osv
osv
libde265 vulnerabilities
2024-02-08 13:48:22
libde265 - security update
2023-01-24 00:00:00
libde265 - security update
2023-02-10 00:00:00
debian
debian
[SECURITY] [DLA 3240-1] libde265 security update
2022-12-15 18:13:59
[SECURITY] [DLA 3280-1] libde265 security update
2023-01-24 22:20:48
[SECURITY] [DSA 5346-1] libde265 security update
2023-02-10 19:38:07
freebsd
freebsd
libde256 -- multiple vulnerabilities
2023-01-27 00:00:00
mageia
mageia
Updated libde265 packages fix security vulnerability
2023-03-19 01:16:28
veracode
veracode
Denial Of Service (DoS)
2022-11-03 07:45:12
Denial Of Service (DoS)
2022-01-12 03:41:57
Denial Of Service (DoS)
2022-11-03 06:10:25
prion
prion
Design/Logic Flaw
2022-01-10 23:15:00
Design/Logic Flaw
2022-11-02 14:15:00
Heap overflow
2022-11-02 14:15:00
debiancve
debiancve
CVE-2021-36409
2022-01-10 23:15:00
CVE-2021-36411
2022-01-10 23:15:00
CVE-2022-43241
2022-11-02 14:15:00
alpinelinux
alpinelinux
CVE-2022-43241
2022-11-02 14:15:00
CVE-2022-43237
2022-11-02 14:15:00
CVE-2022-43242
2022-11-02 14:15:00
ubuntucve
ubuntucve
CVE-2022-43252
2022-11-02 00:00:00
CVE-2022-43253
2022-11-02 00:00:00
CVE-2021-36411
2022-01-10 00:00:00
cnvd
cnvd
libde265 has an unspecified vulnerability
2022-01-13 00:00:00
libde265 Access Control Error Vulnerability
2022-01-13 00:00:00
libde265 buffer overflow vulnerability
2022-01-13 00:00:00
cve
cve
CVE-2022-43243
2022-11-02 14:15:00
CVE-2021-36409
2022-01-10 23:15:00
CVE-2021-36410
2022-01-10 23:15:00
huntr
huntr
Heap-based Buffer Overflow in strukturag/libde265
2021-05-13 02:22:15
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.6%

JSON
Related for CFOUNDRY:A9DBFD2484BF1F3091FEB89E228E9BB3
openvas6nessus6ubuntu2osv23debian3freebsd1mageia1veracode18prion18debiancve18alpinelinux18ubuntucve18cnvd5cve18huntr1avleonov1