Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2457
HistoryJul 23, 2024 - 11:32 a.m.

Advisory ROSA-SA-2024-2457

2024-07-2311:32:56
ROSA LAB
abf.rosalinux.ru
5
advisory
snappy
rosa virtualization
critical vulnerability
remote code execution
php snappy
memory recovery

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.017

Percentile

88.2%

JSON

Software: snappy 1.1.8
OS: ROSA Virtualization 2.1

package_evr_string: snappy-1.1.8

CVE-ID: CVE-2023-28115
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the generateFromHtml() function of the PHP Snappy library involves the recovery of invalid data from memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Not Applicable
CVE-REV:

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchsnappy< 1.1.8UNKNOWN

Related

debiancve 1
prion 2
ubuntucve 1
veracode 1
friendsofphp 3
alpinelinux 1
cvelist 2
github 2
nvd 2
cve 2
osv 5
debiancve
debiancve
CVE-2023-28115
2023-03-17 22:15:11
prion
prion
Deserialization of untrusted data
2023-03-17 22:15:00
Deserialization of untrusted data
2023-09-06 18:15:00
ubuntucve
ubuntucve
CVE-2023-28115
2023-03-17 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2023-03-23 00:53:31
friendsofphp
friendsofphp
PHAR deserialization allowing remote code execution
2023-03-17 15:47:00
PHAR deserialization allowing remote code execution
2023-03-17 15:47:00
Snappy PHAR deserialization vulnerability
2023-09-06 15:24:48
alpinelinux
alpinelinux
CVE-2023-28115
2023-03-17 22:15:11
cvelist
cvelist
CVE-2023-28115 Snappy vulnerable to PHAR deserialization, allowing remote code execution
2023-03-17 21:15:25
CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy
2023-09-06 17:33:21
github
github
PHAR deserialization allowing remote code execution
2023-03-17 18:24:24
Snappy PHAR deserialization vulnerability
2023-09-08 12:17:48
nvd
nvd
CVE-2023-28115
2023-03-17 22:15:11
CVE-2023-41330
2023-09-06 18:15:09
cve
cve
CVE-2023-28115
2023-03-17 22:15:11
CVE-2023-41330
2023-09-06 18:15:09
osv
osv
CGA-9xrh-8q77-2454
2024-06-06 12:25:48
CVE-2023-41330
2023-09-06 18:15:09
Snappy PHAR deserialization vulnerability
2023-09-08 12:17:48

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.017

Percentile

88.2%

JSON
Related for ROSA-SA-2024-2457
debiancve1prion2ubuntucve1veracode1friendsofphp3alpinelinux1cvelist2github2nvd2cve2osv5