
3202 matches found

OpenVAS
added 2020/06/26 12:0 a.m., 12 views

Fedora: Security Advisory for suricata (FEDORA-2020-cd84e46e68)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

7.5 AI score
Exploits: 0, References: 2

RedHat Linux
added 2020/06/25 2:14 p.m., 4 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/06/17 7:48 p.m., 1 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits: 0, References: 4

BDU FSTEC
added 2020/06/04 12:0 a.m., 2 views

The vulnerability of the `clear_decompress_subcode_rlex` function in the FreeRDP remote desktop protocol allows an intruder to trigger a service failure.

The vulnerability of the `clear_decompress_subcode_rlex` function in the FreeRDP remote desktop protocol is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

2.2 CVSS, 7 AI score, 0.01608 EPSS
Exploits: 0, References: 7, Affected Software: 1

ossfuzz
added 2020/05/14 12:29 p.m., 16 views

opus:opus_decode_fuzzer_fixed: Use-of-uninitialized-value in silk_decode_core

Project: https://gitlab.xiph.org/xiph/opus.git
Detailed Report: https://oss-fuzz.com/testcase?key=5753048566857728
Project: opus
Fuzzing Engine: libFuzzer
Fuzz Target: opus_decode_fuzzer_fixed
Job Type: libfuzzer_msan_opus
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address: Crash...

6.8 AI score
Exploits: 0, Affected Software: 1

Veracode
added 2020/05/12 10:50 a.m., 16 views

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service (DoS). When .size decompression limit is used, it does not properly check the size of decompression limits defined by their DecompressionLimit property, allowing an attacker to crash the application by maliciously sending compress...

7.5 CVSS, 3.4 AI score, 0.01008 EPSS
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2020/05/10 11:27 p.m., 30 views

Denial Of Service (DoS)

gd is vulnerable to denial of service (DoS). The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer...

5.5 CVSS, 5.4 AI score, 0.01977 EPSS
Exploits: 0, References: 5, Affected Software: 1

Fedora
added 2020/05/07 3:10 a.m., 24 views

[SECURITY] Fedora 32 Update: suricata-5.0.3-1.fc32

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

0.2 AI score
Exploits: 0

RedHat Linux
added 2020/04/30 1:52 p.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/22 12:8 p.m., 0 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/14 5:56 p.m., 2 views

elfutils: Double-free due to double decompression of sections in crafted ELF causes crash

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice...

9.8 CVSS, 7.4 AI score, 0.03691 EPSS
Exploits: 1, References: 4

Veracode
added 2020/04/10 12:48 a.m., 27 views

Arbitrary Code Execution

bzip2 is vulnerable to arbitrary code execution. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing malformed archives, cause bzip2, or an application linked against the libbz2 library, to crash or,...

5.1 CVSS, 5.4 AI score, 0.03297 EPSS
Exploits: 0, References: 38, Affected Software: 1

Tenable Nessus
added 2020/04/10 12:0 a.m., 236 views

CentOS 7 : libxml2 (RHSA-2020:1190)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory. - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a...

8.8 CVSS, 7.3 AI score, 0.043 EPSS
Exploits: 3, References: 7

Veracode
added 2020/04/01 12:39 a.m., 27 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service (DoS). The vulnerability exists through an infinite loop caused by incorrect error detection during LZMA decompression...

6.5 CVSS, 2.9 AI score, 0.043 EPSS
Exploits: 0, References: 8, Affected Software: 1

RedHat Linux
added 2020/03/31 8:22 p.m., 5 views

libxml2: Infinite loop caused by incorrect error detection during LZMA decompression

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251...

6.5 CVSS, 6.8 AI score, 0.043 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/03/31 8:22 p.m., 3 views

libxml2: DoS caused by incorrect error detection during XZ decompression

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

2.6 CVSS, 7.2 AI score, 0.03199 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2020/03/31 8:22 p.m., 80 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8 CVSS, 6.7 AI score, 0.043 EPSS
Exploits: 2, References: 8

Trellix
added 2020/03/12 12:0 a.m., 135 views

SMBGhost – Analysis of CVE-2020-0796

ARCHIVED STORY: SMBGhost – Analysis of CVE-2020-0796. By Eoin Carrol - March 12, 2020. The Vulnerability: The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...

0.6 AI score, 0.9981 EPSS
Exploits: 124

Trellix
added 2020/03/12 12:0 a.m., 132 views

SMBGhost – Analysis of CVE-2020-0796

ARCHIVED STORY: SMBGhost – Analysis of CVE-2020-0796. By Eoin Carrol - March 12, 2020. The Vulnerability: The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...

10 CVSS, 10 AI score, 0.9981 EPSS
Exploits: 124

CNVD
added 2020/02/21 12:0 a.m., 2 views

libarchive RAR5 file decompression vulnerability

Libarchive is an open source, C programming library under the BSD license that implements streaming access to a variety of different archive formats. A RAR5 file decompression vulnerability exists in versions of libarchive prior to 3.4.2. The vulnerability stems from libarchive attempting to...

8.8 CVSS, 7 AI score, 0.02196 EPSS
Exploits: 0, References: 1