DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-3998", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-3998", "description": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.", "published": "2022-08-24T16:15:00", "modified": "2023-02-12T23:43:00", "epss": [{"cve": "CVE-2021-3998", "epss": 0.00161, "percentile": 0.52518, "modified": "2023-12-02"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3998", "reporter": "secalert@redhat.com", "references": ["https://www.openwall.com/lists/oss-security/2022/01/24/4", "https://access.redhat.com/security/cve/CVE-2021-3998", "https://sourceware.org/bugzilla/show_bug.cgi?id=28770", "https://security-tracker.debian.org/tracker/CVE-2021-3998", "https://bugzilla.redhat.com/show_bug.cgi?id=2024633", "https://security.netapp.com/advisory/ntap-20221020-0003/", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb", "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03"], "cvelist": ["CVE-2021-3998"], "immutableFields": [], "lastseen": "2023-12-02T15:50:38", "viewCount": 84, "enchantments": {"backreferences": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3998"]}, {"type": "fedora", "idList": ["FEDORA:57D6C304C758"]}, {"type": "nessus", "idList": ["UBUNTU_USN-5310-1.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:9F041FBF31AA14C1B0593ECDE945330B"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3998"]}, {"type": "thn", "idList": ["THN:85C69AD4617097A82E6BB57E4EBB6186"]}, {"type": "ubuntu", "idList": ["USN-5310-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3998"]}]}, "score": {"value": 8.2, "uncertanity": 0.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "cbl_mariner", "idList": ["CBLMARINER:10675"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:7CCE0B0CA4C32E297BEADD4E79F7EBE9"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3998"]}, {"type": "fedora", "idList": ["FEDORA:57D6C304C758", "FEDORA:97A66309CD91"]}, {"type": "gentoo", "idList": ["GLSA-202208-24"]}, {"type": "ics", "idList": ["ICSA-23-166-10"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-202208-24.NASL", "UBUNTU_USN-5310-1.NASL"]}, {"type": "prion", "idList": ["PRION:CVE-2021-3998"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:9F041FBF31AA14C1B0593ECDE945330B"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3998"]}, {"type": "redos", "idList": ["ROS-20220323-02"]}, {"type": "thn", "idList": ["THN:85C69AD4617097A82E6BB57E4EBB6186"]}, {"type": "ubuntu", "idList": ["USN-5310-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3998"]}]}, "twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1562480391549726720", "text": " NEW: CVE-2021-3998 A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. https://t.co/BFftVGjztB", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/LinInfoSec/status/1562515240574545924", "text": "Bugzilla - CVE-2021-3998: https://t.co/4c2iplPLoU", "author": "LinInfoSec", "author_photo": "https://pbs.twimg.com/profile_images/806629896705507328/nxrtXOrp_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1589814826179567616", "text": " NEW: CVE-2021-3998 A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Severity: HIGH https://t.co/BFftVGjztB", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "epss": [{"cve": "CVE-2021-3998", "epss": 0.00092, "percentile": 0.38156, "modified": "2023-05-02"}], "short_description": "A flaw in glibc's realpath() function can lead to information leakage and data disclosur", "tags": ["cve-2021-3998", "glibc", "realpath()", "information leakage", "data disclosure", "nvd"], "vulnersScore": 8.2}, "_state": {"dependencies": 0, "score": 1701534011, "twitter": 0, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "29e1db3f3ecb27bfc982cf0a990ad6e8", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "redhat", "cvss": {}}, "cpe": ["cpe:/o:netapp:h410c_firmware:-", "cpe:/o:netapp:h410s_firmware:-", "cpe:/o:netapp:h500s_firmware:-", "cpe:/o:netapp:h300s_firmware:-", "cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:netapp:h700s_firmware:-"], "cpe23": ["cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*"], "cwe": ["CWE-125"], "affectedSoftware": [{"cpeName": "gnu:glibc", "version": "2.35", "operator": "lt", "name": "gnu glibc"}, {"cpeName": "netapp:ontap_select_deploy_administration_utility", "version": "-", "operator": "eq", "name": "netapp ontap select deploy administration utility"}, {"cpeName": "netapp:h300s_firmware", "version": "-", "operator": "eq", "name": "netapp h300s firmware"}, {"cpeName": "netapp:h500s_firmware", "version": "-", "operator": "eq", "name": "netapp h500s firmware"}, {"cpeName": "netapp:h700s_firmware", "version": "-", "operator": "eq", "name": "netapp h700s firmware"}, {"cpeName": "netapp:h410s_firmware", "version": "-", "operator": "eq", "name": "netapp h410s firmware"}, {"cpeName": "netapp:h410c_firmware", "version": "-", "operator": "eq", "name": "netapp h410c firmware"}], "affectedConfiguration": [{"name": "netapp h300s", "cpeName": "netapp:h300s", "version": "-", "operator": "eq"}, {"name": "netapp h500s", "cpeName": "netapp:h500s", "version": "-", "operator": "eq"}, {"name": "netapp h700s", "cpeName": "netapp:h700s", "version": "-", "operator": "eq"}, {"name": "netapp h410s", "cpeName": "netapp:h410s", "version": "-", "operator": "eq"}, {"name": "netapp h410c", "cpeName": "netapp:h410c", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:gnu:glibc:2.35:*:*:*:*:*:*:*", "versionStartIncluding": "2.33", "versionEndExcluding": "2.35", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.openwall.com/lists/oss-security/2022/01/24/4", "name": "https://www.openwall.com/lists/oss-security/2022/01/24/4", "refsource": "MISC", "tags": ["Mailing List", "Patch", "Third Party Advisory"]}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3998", "name": "https://access.redhat.com/security/cve/CVE-2021-3998", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28770", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=28770", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-3998", "name": "https://security-tracker.debian.org/tracker/CVE-2021-3998", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024633", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2024633", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20221020-0003/", "name": "https://security.netapp.com/advisory/ntap-20221020-0003/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb", "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb", "refsource": "MISC", "tags": []}, {"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03", "name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03", "refsource": "MISC", "tags": []}], "product_info": [{"vendor": "Netapp", "product": "H500s_firmware"}, {"vendor": "Netapp", "product": "H410s_firmware"}, {"vendor": "Netapp", "product": "H700s_firmware"}, {"vendor": "Netapp", "product": "H410c_firmware"}, {"vendor": "Netapp", "product": "Ontap_select_deploy_administration_utility"}, {"vendor": "Netapp", "product": "H300s_firmware"}, {"vendor": "Gnu", "product": "Glibc"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-125 - Out-of-bounds Read", "cweId": "CWE-125"}]}], "exploits": [], "assigned": "2021-11-22T00:00:00"}

{"debiancve": [{"lastseen": "2023-12-01T18:24:57", "description": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-24T16:15:00", "type": "debiancve", "title": "CVE-2021-3998", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998"], "modified": "2022-08-24T16:15:00", "id": "DEBIANCVE:CVE-2021-3998", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3998", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cbl_mariner": [{"lastseen": "2023-12-02T08:18:19", "description": "CVE-2021-3998 affecting package glibc 2.35-2. This CVE either no longer is or was never applicable.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-12-02T08:18:19", "type": "cbl_mariner", "title": "CVE-2021-3998 affecting package glibc 2.35-2", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998"], "modified": "2023-12-02T08:18:19", "id": "CBLMARINER:10675", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-11-22T01:01:09", "description": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-24T16:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998"], "modified": "2023-02-12T23:43:00", "id": "PRION:CVE-2021-3998", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-3998", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-12-02T13:47:49", "description": "A flaw was found in glibc. The realpath() function can mistakenly return an\nunexpected value, potentially leading to information leakage and disclosure\nof sensitive data.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=28770>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6e0b0b5b0b\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-01T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3998", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998"], "modified": "2022-02-01T00:00:00", "id": "UB:CVE-2021-3998", "href": "https://ubuntu.com/security/CVE-2021-3998", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2023-12-01T17:43:35", "description": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-11T17:24:17", "type": "redhatcve", "title": "CVE-2021-3998", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998"], "modified": "2023-11-22T17:52:05", "id": "RH:CVE-2021-3998", "href": "https://access.redhat.com/security/cve/cve-2021-3998", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redos": [{"lastseen": "2023-12-02T16:31:04", "description": "A vulnerability in the glibc system library is related to a boundary error in the clnt_create() function in module\r\n sunrpc module. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted input data to an application using a vulnerable version of the library.\r\n specially crafted input data to an application that uses a vulnerable version of the library, cause memory corruption, and execute arbitrary code in the\r\n memory corruption and execute arbitrary code on the target system\n\nA vulnerability in the glibc system library is related to a random error in the glibc getcwd() function. Exploitation\r\n The vulnerability could allow an attacker acting remotely to pass specially crafted input data to an application using a version of the vulnerability.\r\n data to an application using a version of the vulnerable library, trigger a one-by-one error, and execute the\r\n arbitrary code on the target system\n\nThe glibc system library vulnerability is related to a boundary error in svcunix_create() in the sunrpc ib module\r\n glibc. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially\r\n specially crafted input data to an application using a vulnerable version of the library, cause memory corruption, and execute arbitrary code in the\r\n memory corruption and execute arbitrary code on the target system\n\nThe glibc system library vulnerability involves a memory leak in the glibc realpath() function. Exploitation\r\n vulnerability could allow a remote attacker to force an application to leak memory and execute a denial-of-service attack.\r\n memory leak and perform a denial of service attack or gain access to sensitive information", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-23T00:00:00", "type": "redos", "title": "ROS-20220323-02", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-03-23T00:00:00", "id": "ROS-20220323-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-glibc-cve-2022-23219-cve-2022-23218-cve-2021-3999-cve-2021-3998/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-12-02T16:02:16", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T01:25:20", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: glibc-2.34-24.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-02-04T01:25:20", "id": "FEDORA:97A66309CD91", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CEERCMZ4PGJ4AMEIOW6Y5IDBRG33YJF3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T16:02:16", "description": "The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T01:12:32", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: glibc-2.33-21.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3998", "CVE-2021-3999", "CVE-2022-2321", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-02-03T01:12:32", "id": "FEDORA:57D6C304C758", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P4R5YTUHS7OZ4HZCUKF6SRVXGDHSZAOF/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-02T16:56:24", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. It provides programs with basic facilities and interfaces to system calls. ld.so is the dynamic linker which prepares dynamically linked programs for execution by resolving runtime dependencies and related functions.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.34-r7\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-14T00:00:00", "type": "gentoo", "title": "GNU C Library: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35942", "CVE-2021-38604", "CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-08-14T00:00:00", "id": "GLSA-202208-24", "href": "https://security.gentoo.org/glsa/202208-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:32", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEg_O3UT9-eSaotLlYT_E-3sdZdAVxUIvQwoDWA-rjw9JOsCuFa8Al99uMIrj6SGHkbmvGqai3kGQoZAxJXSk3tlzOTqQyVvsGHNttK33F-3i-cMxvSVnw6qfNs9f4CID1nVlfFDvZTLW2TQXVSv7jIs7fAsoQr99Rl2SdjQQ1F7e117koOh4D7EbC86>)\n\nMultiple security vulnerabilities have been disclosed in Canonical's [Snap](<https://en.wikipedia.org/wiki/Snap_\\(package_manager\\)>) software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges.\n\nSnaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd.\n\nTracked as **CVE-2021-44731**, the issue concerns a privilege escalation flaw in the [snap-confine](<https://manpages.ubuntu.com/manpages/bionic/man1/snap-confine.1.html>) function, a program used internally by snapd to construct the execution environment for snap applications. The shortcoming is rated 7.8 on the CVSS scoring system.\n\n\"Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host,\" Bharat Jogi, director of vulnerability and threat research at Qualys, [said](<https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731>), adding the weakness could be abused to \"obtain full root privileges on default installations of Ubuntu.\"\n\nRed Hat, in an independent advisory, described the issue as a \"race condition\" in the snap-confine component.\n\n\"A race condition in snap-confine exists when preparing a private mount namespace for a snap,\" the company [noted](<https://ubuntu.com/security/CVE-2021-44731>). \"This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence privilege escalation.\"\n\nAdditionally discovered by the cybersecurity firm are six other flaws \u2013\n\n * **CVE-2021-3995** \u2013 Unauthorized unmount in util-linux's libmount\n * **CVE-2021-3996** \u2013 Unauthorized unmount in util-linux's libmount\n * **CVE-2021-3997** \u2013 Uncontrolled recursion in systemd's systemd-tmpfiles\n * **CVE-2021-3998** \u2013 Unexpected return value from glibc's realpath()\n * **CVE-2021-3999** \u2013 Off-by-one buffer overflow/underflow in glibc's getcwd()\n * **CVE-2021-44730** \u2013 Hardlink attack in snap-confine's sc_open_snapd_tool()\n\nThe vulnerability was reported to the Ubuntu security team on October 27, 2021, following which patches were released on February 17 as part of a coordinated disclosure process.\n\nQualys also pointed out that while the flaw isn't remotely exploitable, an attacker that has logged in as an unprivileged user can \"quickly\" exploit the bug to gain root permissions, necessitating that the patches are applied as soon as possible to mitigate potential threats.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-18T08:37:00", "type": "thn", "title": "New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3998", "CVE-2021-3999", "CVE-2021-44730", "CVE-2021-44731"], "modified": "2022-02-18T08:37:46", "id": "THN:85C69AD4617097A82E6BB57E4EBB6186", "href": "https://thehackernews.com/2022/02/new-linux-privilege-escalation-flaw.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-10-18T14:55:08", "description": "The remote host is affected by the vulnerability described in GLSA-202208-24 (GNU C Library: Multiple Vulnerabilities)\n\n - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. (CVE-2021-35942)\n\n - In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. (CVE-2021-38604)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-3998)\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-24 : GNU C Library: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33574", "CVE-2021-35942", "CVE-2021-38604", "CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-10-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:glibc", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-24.NASL", "href": "https://www.tenable.com/plugins/nessus/164108", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-24.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164108);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-3998\",\n \"CVE-2021-3999\",\n \"CVE-2021-35942\",\n \"CVE-2021-38604\",\n \"CVE-2022-23218\",\n \"CVE-2022-23219\"\n );\n\n script_name(english:\"GLSA-202208-24 : GNU C Library: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-24 (GNU C Library: Multiple Vulnerabilities)\n\n - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in\n parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in\n a denial of service or disclosure of information. This occurs because atoi was used but strtoul should\n have been used to ensure correct calculations. (CVE-2021-35942)\n\n - In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles\n certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was\n introduced as a side effect of the CVE-2021-33574 fix. (CVE-2021-38604)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\n - Please review the referenced CVE identifiers for details. (CVE-2021-3998)\n\n - glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-24\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=803437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=807935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=831212\");\n script_set_attribute(attribute:\"solution\", value:\n\"All GNU C Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=sys-libs/glibc-2.34-r7\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"sys-libs/glibc\",\n 'unaffected' : make_list(\"ge 2.34\"),\n 'vulnerable' : make_list(\"lt 2.34\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU C Library\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:45:27", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5310-1 advisory.\n\n - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out- of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred.\n The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. (CVE-2020-6096)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. (CVE-2020-27618)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. (CVE-2020-29562)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. (CVE-2021-3326)\n\n - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.\n (CVE-2021-27645)\n\n - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. (CVE-2021-35942)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : GNU C Library vulnerabilities (USN-5310-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-27618", "CVE-2020-29562", "CVE-2020-6096", "CVE-2021-27645", "CVE-2021-3326", "CVE-2021-35942", "CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:glibc-source", "p-cpe:/a:canonical:ubuntu_linux:libc-bin", "p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin", "p-cpe:/a:canonical:ubuntu_linux:libc6", "p-cpe:/a:canonical:ubuntu_linux:libc6-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-armel", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-s390", "p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32", "p-cpe:/a:canonical:ubuntu_linux:libc6-i386", "p-cpe:/a:canonical:ubuntu_linux:libc6-lse", "p-cpe:/a:canonical:ubuntu_linux:libc6-pic", "p-cpe:/a:canonical:ubuntu_linux:libc6-prof", "p-cpe:/a:canonical:ubuntu_linux:libc6-s390", "p-cpe:/a:canonical:ubuntu_linux:libc6-x32", "p-cpe:/a:canonical:ubuntu_linux:locales", "p-cpe:/a:canonical:ubuntu_linux:locales-all", "p-cpe:/a:canonical:ubuntu_linux:multiarch-support", "p-cpe:/a:canonical:ubuntu_linux:nscd"], "id": "UBUNTU_USN-5310-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158502", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5310-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158502);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2016-10228\",\n \"CVE-2019-25013\",\n \"CVE-2020-6096\",\n \"CVE-2020-27618\",\n \"CVE-2020-29562\",\n \"CVE-2021-3326\",\n \"CVE-2021-3998\",\n \"CVE-2021-3999\",\n \"CVE-2021-27645\",\n \"CVE-2021-35942\",\n \"CVE-2022-23218\",\n \"CVE-2022-23219\"\n );\n script_xref(name:\"USN\", value:\"5310-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : GNU C Library vulnerabilities (USN-5310-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5310-1 advisory.\n\n - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple\n suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite\n loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc\n 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative\n value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the\n 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-\n of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows\n for program execution to continue in scenarios where a segmentation fault or crash should have occurred.\n The dangers occur in that subsequent execution and iterations of this code will be executed with this\n corrupted data. (CVE-2020-6096)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid\n multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance\n the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a\n different vulnerability from CVE-2016-10228. (CVE-2020-27618)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text\n containing an irreversible character, fails an assertion in the code path and aborts the program,\n potentially resulting in a denial of service. (CVE-2020-29562)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid\n input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program,\n potentially resulting in a denial of service. (CVE-2021-3326)\n\n - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when\n processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in\n degraded service or Denial of Service on the local system. This is related to netgroupcache.c.\n (CVE-2021-27645)\n\n - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in\n parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in\n a denial of service or disclosure of information. This occurs because atoi was used but strtoul should\n have been used to ensure correct calculations. (CVE-2021-35942)\n\n - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its path argument on the stack without validating its length, which may result in a\n buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23218)\n\n - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)\n through 2.34 copies its hostname argument on the stack without validating its length, which may result in\n a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a\n stack protector enabled) arbitrary code execution. (CVE-2022-23219)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5310-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23219\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:glibc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc-dev-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-dev-x32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-lse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-pic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-prof\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libc6-x32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:locales-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:multiarch-support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'glibc-source', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc-bin', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-armel', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev-armel', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev-s390', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-i386', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-lse', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-pic', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-s390', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'libc6-x32', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'locales', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'locales-all', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'multiarch-support', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '18.04', 'pkgname': 'nscd', 'pkgver': '2.27-3ubuntu1.5'},\n {'osver': '20.04', 'pkgname': 'glibc-source', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc-bin', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc-dev-bin', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-amd64', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-armel', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev-amd64', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev-armel', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev-i386', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev-s390', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-dev-x32', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-i386', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-lse', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-pic', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-prof', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-s390', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'libc6-x32', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'locales', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'locales-all', 'pkgver': '2.31-0ubuntu9.7'},\n {'osver': '20.04', 'pkgname': 'nscd', 'pkgver': '2.31-0ubuntu9.7'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc-source / libc-bin / libc-dev-bin / libc6 / libc6-amd64 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "qualysblog": [{"lastseen": "2022-02-28T21:32:51", "description": "\n\nThe Qualys Research Team has discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, the most important of which can be exploited to escalate privilege to gain root privileges. Qualys recommends security teams apply patches for these vulnerabilities as soon as possible.\n\n### About snap-confine\n\nSnap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications.\n\n### Potential Impact of Oh Snap! More Lemmings Vulnerability\n\nSuccessful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu.\n\nAs soon as the Qualys Research Team confirmed the vulnerability, we engaged in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions in announcing this newly discovered vulnerability.\n\n# Vulnerability Disclosure Timeline\n\n * 2021-10-27: We sent our advisory and proofs-of-concepts to [security@ubuntu](<mailto://security@ubuntu>).\n * 2021-11-10: We sent our advisory and proofs-of-concepts (without the snap-confine vulnerabilities) to [secalert@redhat](<mailto://secalert@redhat>).\n * 2021-12-29: We sent a write-up and the patch for the systemd vulnerability to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-01-10: We published our write-up on the systemd vulnerability (<https://www.openwall.com/lists/oss-security/2022/01/10/2>).\n * 2022-01-12: Red Hat filed the glibc vulnerabilities upstream (<https://sourceware.org/bugzilla/show_bug.cgi?id=28769> and <https://sourceware.org/bugzilla/show_bug.cgi?id=28770>).\n * 2022-01-20: We sent a write-up and the patches for the util-linux vulnerabilities to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-01-24: We published our write-up on the util-linux vulnerabilities (<https://www.openwall.com/lists/oss-security/2022/01/24/2>).\n * 2022-01-24: We published our write-up on the glibc vulnerabilities (<https://www.openwall.com/lists/oss-security/2022/01/24/4>).\n * 2022-02-03: We sent our advisory and Ubuntu sent their patches for the snap-confine vulnerabilities to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-02-17: Coordinated Release Date (5:00 PM UTC) for the snap-confine\n * vulnerabilities.\n\n### Proof of Concept Video of Oh Snap! More Lemmings Exploit\n\n### Vulnerability Summary\n\nCVE| Description \n---|--- \nCVE-2021-44731| Race condition in snap-confine&#x27;s setup_private_mount() \nCVE-2021-44730| Hardlink attack in snap-confine&#x27;s sc_open_snapd_tool() \nCVE-2021-3996| Unauthorized unmount in util-linux&#x27;s libmount \nCVE-2021-3995| Unauthorized unmount in util-linux&#x27;s libmount \nCVE-2021-3998| Unexpected return value from glibc&#x27;s realpath() \nCVE-2021-3999| Off-by-one buffer overflow/underflow in glibc&#x27;s getcwd() \nCVE-2021-3997| Uncontrolled recursion in systemd&#x27;s systemd-tmpfiles \n \n### Technical Details of Oh Snap! More Lemmings Vulnerability\n\nThe technical details of Oh Snap! More Lemmings vulnerabilities can be found at[ <https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>](<https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>).\n\n### Solution: How to Patch the Oh Snap! More Lemmings Vulnerability\n\nCurrent Qualys customers can search the vulnerability knowledgebase for CVE-2021-44731 to identify all the QIDs and assets vulnerable for this vulnerability.\n\nOther interested parties can start a free Qualys VMDR trial to get full access to the QIDs (detections) for CVE-2021- 44731, where all vulnerable assets can be identified.\n\n#### Qualys QID Coverage\n\nQualys is releasing the QIDs in the table below as they become available, starting with vulnsigs version VULNSIGS-2.5.407-2 and in Linux Cloud Agent manifest version lx_manifest-2.5.407.2-1\n\n**QID**| **Title**| **VulnSigs Version** \n---|---|--- \n376419| Snap-Confine Local Privilege Escalation Vulnerability (Oh Snap! More Lemmings)| VULNSIGS-2.5.407-2 / LX_MANIFEST- VULNSIGS-2.5.407.2-1 \n \n### Discover Vulnerable Linux Servers Using Qualys VMDR\n\nThe following instructs current Qualys customers on how to detect Oh Snap! More Lemmings in their environment.\n\n#### Identify Assets Running Ubuntu Operating System\n\nThe first step in managing this critical vulnerability and reducing risk is identification of all assets running Ubuntu OS. [Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) makes it easy to identify such assets.\n\n_operatingSystem.name:&quot;Ubuntu&quot;_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019; let\u2019s say: \u201cUbuntu Systems\u201d. This helps by automatically grouping existing hosts with the above vulnerabilities as well as any new assets that spin up in your environment. Tagging makes these grouped assets available for querying, reporting, and management throughout [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>).\n\n### Prioritize Based on RTIs\n\nUsing Qualys VMDR, the Oh Snap! More Lemmings vulnerability can be prioritized using the following real-time threat indicators (RTIs):\n\nPredicted_High_Risk \nPrivilege_Escalation \nEasy_Exploit \nHigh_Lateral_Movement\n\n\n\n### Patch With Qualys VMDR\n\nWe expect vendors to release patches for this vulnerability in the short term. Qualys Patch Management can be used to deploy those patches to vulnerable assets, when available.\n\nUsing the same prioritization based on RTI method as described above, customers can use the \u201cpatch now\u201d button found to the right of the vulnerability to add Oh Snap! More Lemmings to a patch job. Once patches are released, Qualys will find the relevant patches for this vulnerability and automatically add those patches to a patch job. This will allow customers to deploy those patches to vulnerable devices, all from Qualys Cloud Platform. \n\n### Detect Impacted Assets with Threat Protection\n\nQualys VMDR also enables you to automatically map assets vulnerable to Oh Snap! More Lemmings vulnerabilities using Threat Protect.\n\n\n\n### Track Vulnerability with VMDR Dashboard\n\nWith VMDR Unified Dashboard, you can track this vulnerability, impacted hosts, their status, and overall management in real time. With trending enabled for dashboard widgets, you can keep track of these vulnerability trends in your environment using the \u201cOh Snap! More Lemmings\u201d Dashboard.\n\n[View and download the &quot;Oh Snap! More Lemmings\u201d dashboard](<https://blog.qualys.com/wp-content/uploads/2022/02/oh-snap-more-lemmings-dashboard.zip>)[Download](<https://blog.qualys.com/wp-content/uploads/2022/02/oh-snap-more-lemmings-dashboard.zip>)\n\n\n\n### Vendor References\n\n<https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>\n\n### Frequently Asked Questions (FAQs)\n\n#### Will the Qualys Research Team publish exploit code for this vulnerability?\n\nNo. Not at this time.\n\n#### Are there any mitigations for this vulnerability?\n\nNo.\n\n#### Is this vulnerability remotely exploitable?\n\nNo. But if an attacker can log in as any unprivileged user, the vulnerability can be quickly exploited to gain root privileges.\n\n#### Why is the vulnerability named \u201cOh Snap! More Lemmings Kit\u201d?\n\nThis is a pun intended on the name of the vulnerable application snap-confine.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-17T19:15:55", "type": "qualysblog", "title": "Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3998", "CVE-2021-3999", "CVE-2021-44730", "CVE-2021-44731"], "modified": "2022-02-17T19:15:55", "id": "QUALYSBLOG:9F041FBF31AA14C1B0593ECDE945330B", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2023-12-02T16:48:21", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nJan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could possibly use this issue to cause the GNU C Library to hang or crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2021-3326) Jason Royes and Samuel Dytrych discovered that the GNU C Library incorrectly handled signed comparisons on ARMv7 targets. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-6096) It was discovered that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-27645) It was discovered that the GNU C Library wordexp function incorrectly handled certain patterns. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-35942) It was discovered that the GNU C Library realpath function incorrectly handled return values. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 21.10. (CVE-2021-3998) It was discovered that the GNU C library getcwd function incorrectly handled buffers. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3999) It was discovered that the GNU C Library sunrpc module incorrectly handled buffer lengths. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. (CVE-2022-23218, CVE-2022-23219) Update Instructions: Run `sudo pro fix USN-5310-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc6-i386 \u2013 2.27-3ubuntu1.5 libc6-dev-s390 \u2013 2.27-3ubuntu1.5 glibc-source \u2013 2.27-3ubuntu1.5 libc-bin \u2013 2.27-3ubuntu1.5 libc6-x32 \u2013 2.27-3ubuntu1.5 libc6-s390 \u2013 2.27-3ubuntu1.5 libc6-armel \u2013 2.27-3ubuntu1.5 libc6-pic \u2013 2.27-3ubuntu1.5 libc6-dev-armel \u2013 2.27-3ubuntu1.5 glibc-doc \u2013 2.27-3ubuntu1.5 multiarch-support \u2013 2.27-3ubuntu1.5 libc6-dev \u2013 2.27-3ubuntu1.5 libc6-amd64 \u2013 2.27-3ubuntu1.5 libc6-dev-amd64 \u2013 2.27-3ubuntu1.5 libc6 \u2013 2.27-3ubuntu1.5 locales-all \u2013 2.27-3ubuntu1.5 libc6-dev-x32 \u2013 2.27-3ubuntu1.5 locales \u2013 2.27-3ubuntu1.5 libc6-lse \u2013 2.27-3ubuntu1.5 libc6-dev-i386 \u2013 2.27-3ubuntu1.5 libc-dev-bin \u2013 2.27-3ubuntu1.5 nscd \u2013 2.27-3ubuntu1.5 No subscription required\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.67\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.275.0\n * CF Deployment \n * All versions prior to 19.0.0, or later versions with Bionic Stemcells prior to 1.67\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.67 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.275.0 or greater\n * CF Deployment \n * Upgrade all versions to 19.0.0 or greater and upgrade Bionic Stemcells to 1.67 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5310-1>)\n\n## History\n\n2023-05-16: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-18T00:00:00", "type": "cloudfoundry", "title": "USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-27618", "CVE-2020-29562", "CVE-2020-6096", "CVE-2021-27645", "CVE-2021-3326", "CVE-2021-35942", "CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2023-05-18T00:00:00", "id": "CFOUNDRY:7CCE0B0CA4C32E297BEADD4E79F7EBE9", "href": "https://www.cloudfoundry.org/blog/usn-5310-1-gnu-c-library-vulnerabilities/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-01T20:49:01", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * glibc \\- GNU C Library\n\nJan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library \niconv feature incorrectly handled certain input sequences. An attacker \ncould possibly use this issue to cause the GNU C Library to hang or crash, \nresulting in a denial of service. This issue only affected Ubuntu 18.04 LTS \nand Ubuntu 20.04 LTS. (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, \nCVE-2020-29562, CVE-2021-3326)\n\nJason Royes and Samuel Dytrych discovered that the GNU C Library \nincorrectly handled signed comparisons on ARMv7 targets. A remote attacker \ncould use this issue to cause the GNU C Library to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-6096)\n\nIt was discovered that the GNU C Library nscd daemon incorrectly handled \ncertain netgroup lookups. An attacker could possibly use this issue to \ncause the GNU C Library to crash, resulting in a denial of service. This \nissue only affected Ubuntu 20.04 LTS. (CVE-2021-27645)\n\nIt was discovered that the GNU C Library wordexp function incorrectly \nhandled certain patterns. An attacker could use this issue to cause the \nGNU C Library to crash, resulting in a denial of service, or possibly \nobtain sensitive information. This issue only affected Ubuntu 18.04 LTS and \nUbuntu 20.04 LTS. (CVE-2021-35942)\n\nIt was discovered that the GNU C Library realpath function incorrectly \nhandled return values. An attacker could possibly use this issue to obtain \nsensitive information. This issue only affected Ubuntu 21.10. \n(CVE-2021-3998)\n\nIt was discovered that the GNU C library getcwd function incorrectly \nhandled buffers. An attacker could use this issue to cause the GNU C \nLibrary to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2021-3999)\n\nIt was discovered that the GNU C Library sunrpc module incorrectly handled \nbuffer lengths. An attacker could possibly use this issue to cause the GNU \nC Library to crash, resulting in a denial of service. (CVE-2022-23218, \nCVE-2022-23219)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-01T00:00:00", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-27618", "CVE-2020-29562", "CVE-2020-6096", "CVE-2021-27645", "CVE-2021-3326", "CVE-2021-35942", "CVE-2021-3998", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-03-01T00:00:00", "id": "USN-5310-1", "href": "https://ubuntu.com/security/notices/USN-5310-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-12-02T17:20:18", "description": "## As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see [Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n\n## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8 **\n * **ATTENTION:** Exploitable remotely / low attack complexity\n * **Vendor: **Siemens\n * **Equipment:** SIMATIC S7-1500 TM MFP\n * **Vulnerabilities:** Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Free, Improper Handling of Exceptional Conditions, Integer Overflow or Wraparound, NULL Pointer Dereference, Release of Invalid Pointer or Reference, Race Condition, Improper Restriction of Operations within the Bounds of a Memory Buffer, Non-exit on Failed Initialization, Missing Encryption of Sensitive Data, Classic Buffer Overflow, Uncontrolled Resource Consumption\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities may lead to denial of service, arbitrary code execution, information leakage, disclosure of sensitive data, or privilege escalation.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nSiemens reports these vulnerabilities affect the BIOS of the following SIMATIC S7-1500 products:\n\n * SIMATIC S7-1500 TM MFP - BIOS: all versions\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nThe iconv program in the GNU C library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.\n\n[CVE-2016-10228](<https://nvd.nist.gov/vuln/detail/CVE-2016-10228>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.2 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nThe iconv feature in the GNU C library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.\n\n[CVE-2019-25013](<https://nvd.nist.gov/vuln/detail/CVE-2019-25013>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.3 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nA use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.\n\n[CVE-2020-1752](<https://nvd.nist.gov/vuln/detail/CVE-2020-1752>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n**3.2.4 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)**\n\nThe GNU C library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.\n\n[CVE-2020-10029](<https://nvd.nist.gov/vuln/detail/CVE-2020-10029>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.5 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)**\n\nThe iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.\n\n[CVE-2020-27618](<https://nvd.nist.gov/vuln/detail/CVE-2020-27618>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.6 [REACHABLE ASSERTION CWE-617](<https://cwe.mitre.org/data/definitions/617.html>)**\n\nThe iconv function in the GNU C library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.\n\n[CVE-2020-29562](<https://nvd.nist.gov/vuln/detail/CVE-2020-29562>) has been assigned to this vulnerability. A CVSS v3 base score of 4.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H>)).\n\n**3.2.7 [REACHABLE ASSERTION CWE-617](<https://cwe.mitre.org/data/definitions/617.html>)**\n\nThe iconv function in the GNU C library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.\n\n[CVE-2021-3326](<https://nvd.nist.gov/vuln/detail/CVE-2021-3326>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.8 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nA flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.\n\n[CVE-2021-3998](<https://nvd.nist.gov/vuln/detail/CVE-2021-3998>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>)).\n\n**3.2.9 [OFF-BY-ONE ERROR CWE-193](<https://cwe.mitre.org/data/definitions/193.html>)**\n\nA flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.\n\n[CVE-2021-3999](<https://nvd.nist.gov/vuln/detail/CVE-2021-3999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.10 [INCORRECT DEFAULT PERMISSIONS CWE-276](<https://cwe.mitre.org/data/definitions/276.html>)**\n\nA flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.\n\n[CVE-2021-20269](<https://nvd.nist.gov/vuln/detail/CVE-2021-20269>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n**3.2.11 [DOUBLE FREE CWE-415](<https://cwe.mitre.org/data/definitions/415.html>)**\n\nThe nameserver caching daemon (nscd) in the GNU C library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or denial of service on the local system. This is related to netgroupcache.c.\n\n[CVE-2021-27645](<https://nvd.nist.gov/vuln/detail/CVE-2021-27645>) has been assigned to this vulnerability. A CVSS v3 base score of 2.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>)).\n\n**3.2.12 [IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755](<https://cwe.mitre.org/data/definitions/755.html>)**\n\nDecompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.\n\n[CVE-2021-28831](<https://nvd.nist.gov/vuln/detail/CVE-2021-28831>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.13 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nThe mq_notify function in the GNU C library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.\n\n[CVE-2021-33574](<https://nvd.nist.gov/vuln/detail/CVE-2021-33574>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.14 [INTEGER OVERFLOW OR WRAPAROUND CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)**\n\nThe wordexp function in the GNU C library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.\n\n[CVE-2021-35942](<https://nvd.nist.gov/vuln/detail/CVE-2021-35942>) has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H>)).\n\n**3.2.15 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)**\n\nIn librt in the GNU C library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.\n\n[CVE-2021-38604](<https://nvd.nist.gov/vuln/detail/CVE-2021-38604>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.16 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)**\n\nA NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given.\n\n[CVE-2021-42373](<https://nvd.nist.gov/vuln/detail/CVE-2021-42373>) has been assigned to this vulnerability. A CVSS v3 base score of 5.1 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.17 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nOut-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression.\n\n[CVE-2021-42374](<https://nvd.nist.gov/vuln/detail/CVE-2021-42374>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H>)).\n\n**3.2.18 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nAn incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for denial of service under rare conditions of filtered command input.\n\n[CVE-2021-42375](<https://nvd.nist.gov/vuln/detail/CVE-2021-42375>) has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.19 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)**\n\nA NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for denial of service under very rare conditions of filtered command input.\n\n[CVE-2021-42376](<https://nvd.nist.gov/vuln/detail/CVE-2021-42376>) has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.20 [RELEASE OF INVALID POINTER OR REFERENCE CWE-763](<https://cwe.mitre.org/data/definitions/763.html>)**\n\nAn attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &amp;&amp;&amp; string. This may be used for remote code execution under rare conditions of filtered command input.\n\n[CVE-2021-42377](<https://nvd.nist.gov/vuln/detail/CVE-2021-42377>) has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated. the CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>))\n\n**3.2.21 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function.\n\n[CVE-2021-42378](<https://nvd.nist.gov/vuln/detail/CVE-2021-42378>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.22 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function.\n\n[CVE-2021-42379](<https://nvd.nist.gov/vuln/detail/CVE-2021-42379>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.23 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function.\n\n[CVE-2021-42380](<https://nvd.nist.gov/vuln/detail/CVE-2021-42380>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.24 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function.\n\n[CVE-2021-42381](<https://nvd.nist.gov/vuln/detail/CVE-2021-42381>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.25 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function.\n\n[CVE-2021-42382](<https://nvd.nist.gov/vuln/detail/CVE-2021-42382>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.26 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function.\n\n[CVE-2021-42383](<https://nvd.nist.gov/vuln/detail/CVE-2021-42383>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.27 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function.\n\n[CVE-2021-42384](<https://nvd.nist.gov/vuln/detail/CVE-2021-42384>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.28 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function.\n\n[CVE-2021-42385](<https://nvd.nist.gov/vuln/detail/CVE-2021-42385>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.29 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nUse-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function.\n\n[CVE-2021-42386](<https://nvd.nist.gov/vuln/detail/CVE-2021-42386>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.30 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nA use-after-free flaw was found in the Linux kernel\u2019s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n[CVE-2022-1882](<https://nvd.nist.gov/vuln/detail/CVE-2022-1882>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.31 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nA use-after-free flaw was found in the Linux kernel\u2019s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n[CVE-2022-2585](<https://nvd.nist.gov/vuln/detail/CVE-2022-2585>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.32 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nThe network packet scheduler implementation in the Linux kernel does not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.\n\n[CVE-2022-2588](<https://nvd.nist.gov/vuln/detail/CVE-2022-2588>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.33 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nAn out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.\n\n[CVE-2022-2905](<https://nvd.nist.gov/vuln/detail/CVE-2022-2905>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n**3.2.34 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>)**\n\nA race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.\n\n[CVE-2022-3028](<https://nvd.nist.gov/vuln/detail/CVE-2022-3028>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.35 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)**\n\nA vulnerability classified as problematic has been found in the Linux kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue.\n\n[CVE-2022-3435](<https://nvd.nist.gov/vuln/detail/CVE-2022-3435>) has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N>)).\n\n**3.2.36 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nA flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.\n\n[CVE-2022-3586](<https://nvd.nist.gov/vuln/detail/CVE-2022-3586>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.37 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)**\n\nA stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n[CVE-2022-4378](<https://nvd.nist.gov/vuln/detail/CVE-2022-4378>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.38 [NON-EXIT ON FAILED INITIALIZATION CWE-455](<https://cwe.mitre.org/data/definitions/455.html>)**\n\nA flaw of incorrect access control in the Linux kernel USB core subsystem was found in the way a user attaches a USB device. A local user could use this flaw to crash the system.\n\n[CVE-2022-4662](<https://nvd.nist.gov/vuln/detail/CVE-2022-4662>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.39 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nIn binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android kernel, Android ID: A-239630375, References: Upstream kernel.\n\n[CVE-2022-20421](<https://nvd.nist.gov/vuln/detail/CVE-2022-20421>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.40 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) **\n\nIn emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android kernel, Android ID: A-237540956, References: Upstream kernel \n\n[CVE-2022-20422](<https://nvd.nist.gov/vuln/detail/CVE-2022-20422>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). \n\n**3.2.41 [MISSING ENCRYPTION OF SENSITIVE DATA CWE-311](<https://cwe.mitre.org/data/definitions/311.html>)**\n\nImproper isolation of shared resources in some Intel processors may allow a privileged user to potentially enable information disclosure via local access.\n\n[CVE-2022-21233](<https://nvd.nist.gov/vuln/detail/CVE-2022-21233>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)).\n\n**3.2.42 [BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120](<https://cwe.mitre.org/data/definitions/120.html>)**\n\nThe deprecated compatibility function svcunix_create in the sunrpc module of the GNU C library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.\n\n[CVE-2022-23218](<https://nvd.nist.gov/vuln/detail/CVE-2022-23218>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.43 [BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120](<https://cwe.mitre.org/data/definitions/120.html>)**\n\nThe deprecated compatibility function clnt_create in the sunrpc module of the GNU C library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.\n\n[CVE-2022-23219](<https://nvd.nist.gov/vuln/detail/CVE-2022-23219>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.44 [MISSING ENCRYPTION OF SENSITIVE DATA CWE-311](<https://cwe.mitre.org/data/definitions/311.html>)**\n\nBusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.\n\n[CVE-2022-28391](<https://nvd.nist.gov/vuln/detail/CVE-2022-28391>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n**3.2.45 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nA use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.\n\n[CVE-2022-30065](<https://nvd.nist.gov/vuln/detail/CVE-2022-30065>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)).\n\n**3.2.46 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>)**\n\nAn issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.\n\n[CVE-2022-39188](<https://nvd.nist.gov/vuln/detail/CVE-2022-39188>) has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.47 [UNCONTROLLED RESOURCE CONSUMPTION CWE-400](<https://cwe.mitre.org/data/definitions/400.html>)**\n\nAn issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.\n\n[CVE-2022-39190](<https://nvd.nist.gov/vuln/detail/CVE-2022-39190>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.48 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nAn issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.\n\n[CVE-2022-40307](<https://nvd.nist.gov/vuln/detail/CVE-2022-40307>) has been assigned to this vulnerability. A CVSS v3 base score of 4.7 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.49 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nmm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.\n\n[CVE-2022-41222](<https://nvd.nist.gov/vuln/detail/CVE-2022-41222>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.50 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>)**\n\nmm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n\n[CVE-2022-42703](<https://nvd.nist.gov/vuln/detail/CVE-2022-42703>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.51 [INTEGER OVERFLOW OR WRAPAROUND CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)**\n\nA buffer overflow vulnerability was found in the Netfilter subsystem in the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow local privilege escalation to the root user via arbitrary code execution.\n\n[CVE-2023-0179](<https://nvd.nist.gov/vuln/detail/CVE-2023-0179>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n**3.2.52 [MISSING ENCRYPTION OF SENSITIVE DATA CWE-311](<https://cwe.mitre.org/data/definitions/311.html>)**\n\nA NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.\n\n[CVE-2023-0394](<https://nvd.nist.gov/vuln/detail/CVE-2023-0394>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n**3.2.53 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)**\n\nA memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.\n\n[CVE-2023-1073](<https://nvd.nist.gov/vuln/detail/CVE-2023-1073>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been calculated. The CVSS vector string is ([CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Multiple\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\nSiemens reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nSiemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available. Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:\n\n * Only build and run applications from trusted sources.\n\nAs a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to [Siemens' operational guidelines for industrial security](<https://www.siemens.com/cert/operational-guidelines-industrial-security>), and to follow the recommendations in the product manuals. Additional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>.\n\nFor further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: <https://www.siemens.com/cert/advisories>. \n\nFor more information see the associated Siemens security advisory SSA-831302 in [HTML](<https://cert-portal.siemens.com/productcert/html/ssa-831302.html>) and [CSAF](<https://cert-portal.siemens.com/productcert/csaf/ssa-831302.json>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nCISA also recommends users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open attachments in unsolicited email messages.\n * Refer to [Recognizing and Avoiding Email Scams](<https://www.cisa.gov/uscert/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams.\n * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.cisa.gov/uscert/ncas/tips/ST04-014>) for more information on social engineering attacks.\n\nNo known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have low attack complexity.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-06-15T12:00:00", "type": "ics", "title": "Siemens SIMATIC S7-1500 TM MFP BIOS", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-1752", "CVE-2020-27618", "CVE-2020-29562", "CVE-2021-20269", "CVE-2021-27645", "CVE-2021-28831", "CVE-2021-3326", "CVE-2021-33574", "CVE-2021-35942", "CVE-2021-38604", "CVE-2021-3998", "CVE-2021-3999", "CVE-2021-42373", "CVE-2021-42374", "CVE-2021-42375", "CVE-2021-42376", "CVE-2021-42377", "CVE-2021-42378", "CVE-2021-42379", "CVE-2021-42380", "CVE-2021-42381", "CVE-2021-42382", "CVE-2021-42383", "CVE-2021-42384", "CVE-2021-42385", "CVE-2021-42386", "CVE-2022-1882", "CVE-2022-20421", "CVE-2022-20422", "CVE-2022-21233", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-2585", "CVE-2022-2588", "CVE-2022-28391", "CVE-2022-2905", "CVE-2022-30065", "CVE-2022-3028", "CVE-2022-3435", "CVE-2022-3586", "CVE-2022-39188", "CVE-2022-39190", "CVE-2022-40307", "CVE-2022-41222", "CVE-2022-42703", "CVE-2022-4378", "CVE-2022-4662", "CVE-2023-0179", "CVE-2023-0394", "CVE-2023-1073"], "modified": "2023-06-15T12:00:00", "id": "ICSA-23-166-10", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}