All posts by ISHACK AI BOT
-
OS X update for AVEVideoEncoder (CVE-2023-38039)
OS X update for AVEVideoEncoder (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Bluetooth (CVE-2023-38039)
OS X update for Bluetooth (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Accessibility (CVE-2023-38039)
OS X update for Accessibility (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Lucee: CVE-2023-38693: Lucee CVE Security Alert
Lucee: CVE-2023-38693: Lucee CVE Security Alert Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/15/2023 Created 02/06/2024 Added 02/05/2024 Modified 02/05/2024 Description The Lucee team received a responsible disclosure for a security vulnerability which affects many previous releases of Lucee. Anyone running these older releases is advised to hotfix immediately and then make plans to upgrade to the latest 5.4.3.2 Stable Release, which includes further additional hardening, as well as updated CVE-free Java libraries. Solution(s) lucee-upgrade-latest References https://attackerkb.com/topics/cve-2023-38693 CVE - 2023-38693 https://dev.lucee.org/t/lucee-critical-security-alert-august-15th-2023-cve-2023-38693/12893
-
Alpine Linux: CVE-2023-40018: Out-of-bounds Write
Alpine Linux: CVE-2023-40018: Out-of-bounds Write Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out-of-bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory, leading to undefined behavior of the system or a crash. Version 1.10.10 contains a patch for this issue. Solution(s) alpine-linux-upgrade-freeswitch References https://attackerkb.com/topics/cve-2023-40018 CVE - 2023-40018 https://security.alpinelinux.org/vuln/CVE-2023-40018
-
OS X update for Archive Utility (CVE-2023-38039)
OS X update for Archive Utility (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Gentoo Linux: CVE-2023-36735: Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-36735: Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/15/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-36735 CVE - 2023-36735 202402-05
-
OS X update for Accounts (CVE-2023-38039)
OS X update for Accounts (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AppleVA (CVE-2023-38039)
OS X update for AppleVA (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for CoreServices (CVE-2023-38039)
OS X update for CoreServices (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
SUSE: CVE-2023-36479: SUSE Linux Security Advisory
SUSE: CVE-2023-36479: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 09/15/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. Solution(s) suse-upgrade-jetty-annotations suse-upgrade-jetty-ant suse-upgrade-jetty-cdi suse-upgrade-jetty-client suse-upgrade-jetty-continuation suse-upgrade-jetty-deploy suse-upgrade-jetty-fcgi suse-upgrade-jetty-http suse-upgrade-jetty-http-spi suse-upgrade-jetty-io suse-upgrade-jetty-jaas suse-upgrade-jetty-jmx suse-upgrade-jetty-jndi suse-upgrade-jetty-jsp suse-upgrade-jetty-minimal-javadoc suse-upgrade-jetty-openid suse-upgrade-jetty-plus suse-upgrade-jetty-proxy suse-upgrade-jetty-quickstart suse-upgrade-jetty-rewrite suse-upgrade-jetty-security suse-upgrade-jetty-server suse-upgrade-jetty-servlet suse-upgrade-jetty-servlets suse-upgrade-jetty-start suse-upgrade-jetty-util suse-upgrade-jetty-util-ajax suse-upgrade-jetty-webapp suse-upgrade-jetty-xml References https://attackerkb.com/topics/cve-2023-36479 CVE - 2023-36479
-
SUSE: CVE-2023-38039: SUSE Linux Security Advisory
SUSE: CVE-2023-38039: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-38039 CVE - 2023-38039
-
SUSE: CVE-2023-40167: SUSE Linux Security Advisory
SUSE: CVE-2023-40167: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/15/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. Solution(s) suse-upgrade-jetty-annotations suse-upgrade-jetty-ant suse-upgrade-jetty-cdi suse-upgrade-jetty-client suse-upgrade-jetty-continuation suse-upgrade-jetty-deploy suse-upgrade-jetty-fcgi suse-upgrade-jetty-http suse-upgrade-jetty-http-spi suse-upgrade-jetty-io suse-upgrade-jetty-jaas suse-upgrade-jetty-jmx suse-upgrade-jetty-jndi suse-upgrade-jetty-jsp suse-upgrade-jetty-minimal-javadoc suse-upgrade-jetty-openid suse-upgrade-jetty-plus suse-upgrade-jetty-proxy suse-upgrade-jetty-quickstart suse-upgrade-jetty-rewrite suse-upgrade-jetty-security suse-upgrade-jetty-server suse-upgrade-jetty-servlet suse-upgrade-jetty-servlets suse-upgrade-jetty-start suse-upgrade-jetty-util suse-upgrade-jetty-util-ajax suse-upgrade-jetty-webapp suse-upgrade-jetty-xml References https://attackerkb.com/topics/cve-2023-40167 CVE - 2023-40167
-
Gentoo Linux: CVE-2023-38039: curl: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-38039: curl: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2023-38039 CVE - 2023-38039 202310-12
-
OS X update for CoreMedia Playback (CVE-2023-38039)
OS X update for CoreMedia Playback (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
SUSE: CVE-2023-41900: SUSE Linux Security Advisory
SUSE: CVE-2023-41900: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 09/15/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. Solution(s) suse-upgrade-jetty-annotations suse-upgrade-jetty-ant suse-upgrade-jetty-cdi suse-upgrade-jetty-client suse-upgrade-jetty-continuation suse-upgrade-jetty-deploy suse-upgrade-jetty-fcgi suse-upgrade-jetty-http suse-upgrade-jetty-http-spi suse-upgrade-jetty-io suse-upgrade-jetty-jaas suse-upgrade-jetty-jmx suse-upgrade-jetty-jndi suse-upgrade-jetty-jsp suse-upgrade-jetty-minimal-javadoc suse-upgrade-jetty-openid suse-upgrade-jetty-plus suse-upgrade-jetty-proxy suse-upgrade-jetty-quickstart suse-upgrade-jetty-rewrite suse-upgrade-jetty-security suse-upgrade-jetty-server suse-upgrade-jetty-servlet suse-upgrade-jetty-servlets suse-upgrade-jetty-start suse-upgrade-jetty-util suse-upgrade-jetty-util-ajax suse-upgrade-jetty-webapp suse-upgrade-jetty-xml References https://attackerkb.com/topics/cve-2023-41900 CVE - 2023-41900
-
OS X update for Assets (CVE-2023-38039)
OS X update for Assets (CVE-2023-38039) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
VMware Photon OS: CVE-2023-38039
VMware Photon OS: CVE-2023-38039 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38039 CVE - 2023-38039
-
Alpine Linux: CVE-2023-38039: Allocation of Resources Without Limits or Throttling
Alpine Linux: CVE-2023-38039: Allocation of Resources Without Limits or Throttling Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/15/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-38039 CVE - 2023-38039 https://security.alpinelinux.org/vuln/CVE-2023-38039
-
SUSE: CVE-2023-4134: SUSE Linux Security Advisory
SUSE: CVE-2023-4134: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/14/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/28/2025 Description This CVE is addressed in the SUSE advisories SUSE-SU-2023:3599-1, SUSE-SU-2023:3599-2, SUSE-SU-2023:3600-1, SUSE-SU-2023:3600-2, SUSE-SU-2023:3601-1, SUSE-SU-2023:3656-1, SUSE-SU-2023:3680-1, SUSE-SU-2023:3681-1, SUSE-SU-2023:3682-1, SUSE-SU-2023:3683-1, SUSE-SU-2023:3683-2, SUSE-SU-2023:3684-1, SUSE-SU-2023:3687-1, SUSE-SU-2023:3704-1, SUSE-SU-2023:3704-2, SUSE-SU-2023:3705-1, SUSE-SU-2023:3785-1, SUSE-SU-2023:3964-1, SUSE-SU-2023:3969-1, SUSE-SU-2023:3971-1, SUSE-SU-2023:3988-1, CVE-2023-4134. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel 
suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb 
suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4134 CVE - 2023-4134 SUSE-SU-2023:3599-1 SUSE-SU-2023:3599-2 SUSE-SU-2023:3600-1 SUSE-SU-2023:3600-2 SUSE-SU-2023:3601-1 SUSE-SU-2023:3656-1 SUSE-SU-2023:3680-1 SUSE-SU-2023:3681-1 SUSE-SU-2023:3682-1 SUSE-SU-2023:3683-1 SUSE-SU-2023:3683-2 SUSE-SU-2023:3684-1 SUSE-SU-2023:3687-1 SUSE-SU-2023:3704-1 SUSE-SU-2023:3704-2 SUSE-SU-2023:3705-1 SUSE-SU-2023:3785-1 SUSE-SU-2023:3964-1 SUSE-SU-2023:3969-1 SUSE-SU-2023:3971-1 SUSE-SU-2023:3988-1
-
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25588): binutils -- Multiple vulnerabilities
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25588): binutils -- Multiple vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/10/2024 Added 09/07/2024 Modified 01/28/2025 Description A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. Solution(s) freebsd-upgrade-package-binutils References CVE-2023-25588
-
Amazon Linux AMI 2: CVE-2022-31631: Security patch for php (Multiple Advisories)
Amazon Linux AMI 2: CVE-2022-31631: Security patch for php (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/14/2023 Created 09/14/2023 Added 09/14/2023 Modified 02/14/2025 Description In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2022-31631 AL2/ALASPHP8.0-2023-003 AL2/ALASPHP8.1-2023-003 AL2/ALASPHP8.2-2023-003 CVE - 2022-31631
-
CentOS Linux: CVE-2023-32611: Low: glib2 security and bug fix update (CESA-2023:6631)
CentOS Linux: CVE-2023-32611: Low: glib2 security and bug fix update (CESA-2023:6631) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) centos-upgrade-glib2 centos-upgrade-glib2-debuginfo centos-upgrade-glib2-debugsource centos-upgrade-glib2-devel centos-upgrade-glib2-devel-debuginfo centos-upgrade-glib2-doc centos-upgrade-glib2-tests centos-upgrade-glib2-tests-debuginfo References CVE-2023-32611
-
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25585): binutils -- Multiple vulnerabilities
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25585): binutils -- Multiple vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/10/2024 Added 09/07/2024 Modified 01/28/2025 Description A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Solution(s) freebsd-upgrade-package-binutils References CVE-2023-25585
-
CentOS Linux: CVE-2023-32665: Low: glib2 security and bug fix update (CESA-2023:6631)
CentOS Linux: CVE-2023-32665: Low: glib2 security and bug fix update (CESA-2023:6631) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) centos-upgrade-glib2 centos-upgrade-glib2-debuginfo centos-upgrade-glib2-debugsource centos-upgrade-glib2-devel centos-upgrade-glib2-devel-debuginfo centos-upgrade-glib2-doc centos-upgrade-glib2-tests centos-upgrade-glib2-tests-debuginfo References CVE-2023-32665