24 matches found
EUVD-2022-52462
Malicious code in bioql PyPI...
Oracle Linux 9 : runc (ELSA-2024-2180)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2180 advisory. 4:1.1.12-2 - Switch dependency on criu to Recommends - Resolves: RHEL-25116 Tenable has extracted the preceding description block directly from the...
BIT-GOLANG-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-2879
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-0446)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0446 advisory. golang 1.18.9-1 - Update to Go 1.18.9 - Add big-endian.patch - Increase GOTESTTIMEOUTSCALE due to a Brew issue - Add do-not-reuse-far-trampolines.patch...
Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-0328)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0328 advisory. golang 1.18.9-1 - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz2144547 - Resolves:...
Important: golist
Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Fedora 36 : golang (2022-0e313cc582)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-0e313cc582 advisory. This release includes security fixes to the archive/tar, net/http/httputil, and regexp packages, as well as bug fixes to the compiler, the linker, a...
Oracle Linux 9 : grafana-pcp (ELSA-2022-8250)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8250 advisory. 3.2.0-3 - bump NVR Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Oracle Linux 8 : container-tools:3.0 (ELSA-2022-7529)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7529 advisory. - fixes CVE-2021-3602 - amend CVE-2022-1708 - fix CVE-2022-1708 - thanks to Peter Hunt - fix CVE-2022-27650 - fixes CVE-2021-3602 - rc95 fixes...
CVE-2022-2879
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Design/Logic Flaw
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
CVE-2022-2879
CVE-2022-2879 affects Go-based archive/header reading (unbounded header memory in Reader.Read; fixed to cap header blocks at 1 MiB). Connected advisories show impact on container tooling: buildah versions older than 1.41.4-2 and podman versions older than 5.6.1-2 are affected. Upgrading to builda...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update
Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
Design/Logic Flaw
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...
CVE-2022-30631
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...