269 matches found
Ubuntu: Security Advisory (USN-6423-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : libcue (SUSE-SU-2023:4090-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4090-1 advisory. - CVE-2023-43641: Fixed a buffer overflow while parsing a malicious file bsc1215728. Tenable has extracted the precedin...
USN-6423-2: CUE vulnerability
USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. Original advisory details: It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code...
USN-6423-2 libcue vulnerability
USN-6423-1 fixed a vulnerability in CUE. This update provides the corresponding updates for Ubuntu 23.10. Original advisory details: It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code...
Fedora: Security Advisory for libcue (FEDORA-2023-1fe05ac8d9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : libcue -- out-of-bounds array access (ae0ee356-6ae1-11ee-bfb6-8c164567ca3c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ae0ee356-6ae1-11ee-bfb6-8c164567ca3c advisory. - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are...
SUSE CVE-2023-43641
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it ...
Fedora: Security Advisory for libcue (FEDORA-2023-eec9ce5935)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Remote Code Execution (RCE)
libcue is vulnerable to Remote Code Execution. The vulnerability is due to improper out of bound array checks. This can be exploited by the attacker by making the user to download a cue sheet and parse the file to gain code execution...
[SECURITY] Fedora 38 Update: libcue-2.2.1-13.fc38
Libcue is intended for parsing a so-called cue sheet from a char string or a file pointer. For handling of the parsed data a convenient API is available...
CVE-2023-43641
A flaw was found in libcue, which is consumed by the tracker-miners application. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious web page, allowing remote code execution...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gke-gcloud-auth-plugin, grype, bom, weaviate, pulumi, amass, secrets-store-csi-driver, newrelic-infrastructure-agent, flux-source-controller, gobuster, spark-operator, coredns, ip-masq-agent, src, cortex, rqlite, haproxy-ingress, skaffold, terraform-provider-azurerm,...
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks
A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution RCE on affected hosts. Tracked as CVE-2023-43641 CVSS score: 8.8, the issue is described as a case of memory corruption in libcue, a library designed...
libcue: Arbitrary Code Execution
Background libcue is a CUE Sheet Parser Library. Description libcue does not check bounds in a loop and suffers from an integer overflow flaw which can be exploited to take over the program. Impact Untrusted CUE sheet files can lead to arbitrary code execution. app-misc/tracker-minerscue uses...
GLSA-202310-10 : libcue: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202310-10 libcue: Arbitrary Code Execution - libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment ca...
CVE-2023-43641
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it ...
DEBIAN-CVE-2023-43641
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it ...
CVE-2023-43641
CVE-2023-43641 affects libcue, a library for parsing CUE sheets. Versions
CVE-2023-43641 libcue vulnerable to out-of-bounds array access
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it ...
CVE-2023-43641 libcue vulnerable to out-of-bounds array access
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to /Downloads, it ...