Lucene search

K
rosalinux
ROSA LABROSA-SA-2023-2184
HistoryJul 11, 2023 - 11:09 a.m.

Advisory ROSA-SA-2023-2184

2023-07-1111:09:54
ROSA LAB
abf.rosalinux.ru
7

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

Software: libwebp 1.0.0
OS: ROSA Virtualization 2.1

package_evr_string: libwebp-1.0.0.0-8.rv3.src.rpm

CVE-ID: CVE-2020-36329
BDU-ID: 2021-03101
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2020-36330
BDU-ID: 2021-03104
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive information by creating a specially crafted file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2020-36331
BDU-ID: 2021-03105
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive information by creating a specially crafted file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2020-36332
BDU-ID: 2021-03107
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2023-1999
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: An attacker could use ApplyFiltersAndEncode() and cyclically release best.bw and assign the pointer best = Trial. The second loop would then return 0 due to a “Not enough memory” error in the VP8 encoder, the pointer is still assigned to Trial, and AddressSanitizer would attempt a double release.
CVE-STATUS: Fixed
CVE-REV: Run the yum update libwebp command to close it

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibwebp< 1.0.0UNKNOWN
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

Related for ROSA-SA-2023-2184