Lucene search
UbuntuUSN-6964-1HistoryAug 15, 2024 - 12:00 a.m.
ORC vulnerability
2024-08-1500:00:00
ubuntu.com
28
ubuntu
orc
vulnerability
packages
execution
code
unix
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
Low
EPSS
0
Percentile
5.0%
Releases
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- orc - Library of Optimized Inner Loops Runtime Compiler
Details
Noriko Totsuka discovered that ORC incorrectly handled certain
crafted file. An attacker could possibly use this issue to execute
arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | liborc-0.4-0t64 | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | liborc-0.4-0t64-dbgsym | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | liborc-0.4-dev | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | liborc-0.4-dev-bin | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | liborc-0.4-dev-bin-dbgsym | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | liborc-0.4-doc | < 1:0.4.38-1ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | liborc-0.4-0 | < 1:0.4.32-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | liborc-0.4-0-dbgsym | < 1:0.4.32-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | liborc-0.4-dev | < 1:0.4.32-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | liborc-0.4-dev-bin | < 1:0.4.32-2ubuntu0.1 | UNKNOWN |
References
Related
vulnrichment
vulnrichment
CVE-2024-40897
2024-07-26 06:03:23
openvas
openvas
openSUSE: Security Advisory for orc (SUSE-SU-2024:2663-1)
2024-08-20 00:00:00
Ubuntu: Security Advisory (USN-6964-1)
2024-08-16 00:00:00
Huawei EulerOS: Security Advisory for orc (EulerOS-SA-2024-2401)
2024-09-12 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : ORC vulnerability (USN-6964-1)
2024-08-15 00:00:00
RHEL 9 : orc:0.4.31 (RHSA-2024:5638)
2024-08-20 00:00:00
RHEL 9 : orc (RHSA-2024:6184)
2024-09-03 00:00:00
redhatcve
redhatcve
CVE-2024-40897
2024-07-26 21:31:43
osv
osv
orc vulnerability
2024-08-15 19:00:10
CVE-2024-40897
2024-07-26 06:15:02
liborc-0_4-0-0.4.39-1.1 on GA media
2024-07-24 00:00:00
almalinux
almalinux
Moderate: orc security update
2024-08-13 00:00:00
Moderate: orc security update
2024-09-03 00:00:00
redos
redos
ROS-20240902-17
2024-09-02 00:00:00
oraclelinux
oraclelinux
orc security update
2024-08-13 00:00:00
orc security update
2024-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: orc-0.4.39-1.fc40
2024-08-08 02:46:42
redhat
redhat
(RHSA-2024:5638) Moderate: orc:0.4.31 security update
2024-08-20 15:39:15
(RHSA-2024:5306) Moderate: orc security update
2024-08-13 14:52:01
(RHSA-2024:5882) Moderate: orc:0.4.28 security update
2024-08-27 07:29:01
nvd
nvd
CVE-2024-40897
2024-07-26 06:15:02
ubuntucve
ubuntucve
CVE-2024-40897
2024-07-29 00:00:00
cvelist
cvelist
CVE-2024-40897
2024-07-26 06:03:23
debiancve
debiancve
CVE-2024-40897
2024-07-26 06:15:02
jvn
jvn
JVN#02030803: ORC vulnerable to stack-based buffer overflow
2024-07-26 00:00:00
alpinelinux
alpinelinux
CVE-2024-40897
2024-07-26 06:15:02
mageia
mageia
Updated orc packages fix security vulnerability
2024-09-10 19:40:31
cve
cve
CVE-2024-40897
2024-07-26 06:15:02
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
Low
EPSS
0
Percentile
5.0%
Related for USN-6964-1