ROS-20240409-06

A vulnerability in SaltStack Salt’s configuration management and remote operations execution system is related to
receiving multiple bad packets to the server equal to the number of worker threads, Salt will stop responding
back requests before restarting. Exploitation of the vulnerability could allow an attacker acting
remotely to cause a denial of service

A vulnerability in the OpenSSL cryptographic library is related to insufficient validation of user inputted
data in the POLY1305 MAC (message authentication code) implementation. Exploitation of the vulnerability could
allow an attacker to execute a denial-of-service attack by sending specially
specially crafted input data and corrupt MM registers on a Windows 64 platform

Vulnerability in load_pem_pkcs7_certificates() and load_der_pkcs7_certificates() functions of the cryptography package
is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service

Vulnerability in EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2() functions of the OpenSSL cryptography library is related to manipulation of the NULL pointer.
OpenSSL library is related to manipulation of the keylen/ivelens argument. Exploitation of the vulnerability could
Allow an attacker acting remotely to cause a denial of service

A vulnerability in the SaltStack Salt configuration management and remote operations execution system is related to the
Lack of service data protection. Exploitation of the vulnerability could allow an attacker to disclose
protected information