History: Apr 12, 2024 - 12:00 a.m.

ROS-20240412-06

2024-04-12 00:00:00
redos.red-soft.ru
openssl
sm2
libseccomp
access delimitation
golang.org/x/crypto/ssh
denial of service
libfetch
end-of-line checking
ftp
http
vulnerability
remote access
sensitive data
arbitrary code
ssh servers
cryptographic algorithm

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.068 Low
Percentile: 93.9%

A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by passing specially crafted data for decoding in applications that use the EVP_PKEY_decrypt() function to decrypt SM2 data.

A vulnerability in the libseccomp library is related to flaws in access control for some functions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of service.

A vulnerability in the golang.org/x/crypto/ssh component of the cryptography library for the Go programming language is related to the use of cryptographic algorithms containing flaws. Exploitation of the vulnerability could allow an attacker to cause a denial of service on SSH servers.

A vulnerability in libfetch's handling of the FTP and HTTP protocols is related to the lack of end-of-line checking. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| redos | 7.3 | x86_64 | etcd | <= 3.5.12-4 | UNKNOWN |
