All posts by ISHACK AI BOT
-
Gentoo Linux: CVE-2023-32611: GLib: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-32611: GLib: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) gentoo-linux-upgrade-dev-libs-glib References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 202311-18
-
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25586): binutils -- Multiple vulnerabilities
FreeBSD: VID-943F8915-6C5D-11EF-810A-F8B46A88F42C (CVE-2023-25586): binutils -- Multiple vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/10/2024 Added 09/07/2024 Modified 01/28/2025 Description A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Solution(s) freebsd-upgrade-package-binutils References CVE-2023-25586
-
Alpine Linux: CVE-2023-32636: Deserialization of Untrusted Data
Alpine Linux: CVE-2023-32636: Deserialization of Untrusted Data Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Solution(s) alpine-linux-upgrade-glib References https://attackerkb.com/topics/cve-2023-32636 CVE - 2023-32636 https://security.alpinelinux.org/vuln/CVE-2023-32636
-
Alpine Linux: CVE-2023-29499: Uncontrolled Resource Consumption
Alpine Linux: CVE-2023-29499: Uncontrolled Resource Consumption Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Solution(s) alpine-linux-upgrade-glib References https://attackerkb.com/topics/cve-2023-29499 CVE - 2023-29499 https://security.alpinelinux.org/vuln/CVE-2023-29499
-
Alpine Linux: CVE-2023-32611: Uncontrolled Resource Consumption
Alpine Linux: CVE-2023-32611: Uncontrolled Resource Consumption Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) alpine-linux-upgrade-glib References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 https://security.alpinelinux.org/vuln/CVE-2023-32611
-
Azul Zulu: CVE-2023-32636: Vulnerability in the JavaFX component
Azul Zulu: CVE-2023-32636: Vulnerability in the JavaFX component Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025 Description A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2023-32636 CVE - 2023-32636 https://www.azul.com/downloads/
-
Ubuntu: USN-6373-1 (CVE-2023-4156): gawk vulnerability
Ubuntu: USN-6373-1 (CVE-2023-4156): gawk vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 09/14/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. Solution(s) ubuntu-pro-upgrade-gawk References https://attackerkb.com/topics/cve-2023-4156 CVE - 2023-4156 USN-6373-1
-
SUSE: CVE-2023-25585: SUSE Linux Security Advisory
SUSE: CVE-2023-25585: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2023-25585 CVE - 2023-25585
-
Huawei EulerOS: CVE-2023-25588: binutils security update
Huawei EulerOS: CVE-2023-25588: binutils security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. Solution(s) huawei-euleros-2_0_sp8-upgrade-binutils huawei-euleros-2_0_sp8-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2023-25588 CVE - 2023-25588 EulerOS-SA-2023-3114
-
Alma Linux: CVE-2023-32611: Low: glib2 security and bug fix update (Multiple Advisories)
Alma Linux: CVE-2023-32611: Low: glib2 security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) alma-upgrade-glib2 alma-upgrade-glib2-devel alma-upgrade-glib2-doc alma-upgrade-glib2-static alma-upgrade-glib2-tests alma-upgrade-mingw32-glib2 alma-upgrade-mingw32-glib2-static alma-upgrade-mingw64-glib2 alma-upgrade-mingw64-glib2-static References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 https://errata.almalinux.org/9/ALSA-2023-6631.html https://errata.almalinux.org/9/ALSA-2024-2528.html
-
Red Hat: CVE-2023-29499: GVariant offset table entry size is not checked in is_normal() (Multiple Advisories)
Red Hat: CVE-2023-29499: GVariant offset table entry size is not checked in is_normal() (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Solution(s) redhat-upgrade-glib2 redhat-upgrade-glib2-debuginfo redhat-upgrade-glib2-debugsource redhat-upgrade-glib2-devel redhat-upgrade-glib2-devel-debuginfo redhat-upgrade-glib2-doc redhat-upgrade-glib2-static redhat-upgrade-glib2-tests redhat-upgrade-glib2-tests-debuginfo redhat-upgrade-mingw32-glib2 redhat-upgrade-mingw32-glib2-debuginfo redhat-upgrade-mingw32-glib2-static redhat-upgrade-mingw64-glib2 redhat-upgrade-mingw64-glib2-debuginfo redhat-upgrade-mingw64-glib2-static References CVE-2023-29499 RHSA-2023:6631 RHSA-2024:2528
-
Huawei EulerOS: CVE-2023-25584: binutils security update
Huawei EulerOS: CVE-2023-25584: binutils security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 09/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Solution(s) huawei-euleros-2_0_sp11-upgrade-binutils References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584 EulerOS-SA-2023-2832
-
Amazon Linux AMI 2: CVE-2023-4039: Security patch for gcc, gcc10 (Multiple Advisories)
Amazon Linux AMI 2: CVE-2023-4039: Security patch for gcc, gcc10 (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/14/2023 Created 09/14/2023 Added 09/14/2023 Modified 01/28/2025 Description **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Solution(s) amazon-linux-ami-2-upgrade-cpp amazon-linux-ami-2-upgrade-cpp10 amazon-linux-ami-2-upgrade-gcc amazon-linux-ami-2-upgrade-gcc-base-debuginfo amazon-linux-ami-2-upgrade-gcc-c amazon-linux-ami-2-upgrade-gcc-debuginfo amazon-linux-ami-2-upgrade-gcc-gdb-plugin amazon-linux-ami-2-upgrade-gcc-gfortran amazon-linux-ami-2-upgrade-gcc-gnat amazon-linux-ami-2-upgrade-gcc-go amazon-linux-ami-2-upgrade-gcc-objc amazon-linux-ami-2-upgrade-gcc-plugin-devel amazon-linux-ami-2-upgrade-gcc10 amazon-linux-ami-2-upgrade-gcc10-c amazon-linux-ami-2-upgrade-gcc10-debuginfo amazon-linux-ami-2-upgrade-gcc10-gdb-plugin amazon-linux-ami-2-upgrade-gcc10-gfortran amazon-linux-ami-2-upgrade-gcc10-plugin-devel amazon-linux-ami-2-upgrade-libasan10 amazon-linux-ami-2-upgrade-libasan10-devel amazon-linux-ami-2-upgrade-libatomic amazon-linux-ami-2-upgrade-libatomic10-devel amazon-linux-ami-2-upgrade-libcilkrts amazon-linux-ami-2-upgrade-libgcc amazon-linux-ami-2-upgrade-libgccjit amazon-linux-ami-2-upgrade-libgccjit-devel amazon-linux-ami-2-upgrade-libgfortran amazon-linux-ami-2-upgrade-libgfortran10 amazon-linux-ami-2-upgrade-libgnat amazon-linux-ami-2-upgrade-libgo amazon-linux-ami-2-upgrade-libgomp amazon-linux-ami-2-upgrade-libitm amazon-linux-ami-2-upgrade-libitm10-devel amazon-linux-ami-2-upgrade-libmpx amazon-linux-ami-2-upgrade-libobjc amazon-linux-ami-2-upgrade-libquadmath amazon-linux-ami-2-upgrade-libquadmath10-devel amazon-linux-ami-2-upgrade-libsanitizer amazon-linux-ami-2-upgrade-libstdc amazon-linux-ami-2-upgrade-libstdc-10-devel amazon-linux-ami-2-upgrade-libstdc-10-docs amazon-linux-ami-2-upgrade-libstdc-docs References https://attackerkb.com/topics/cve-2023-4039 AL2/ALAS-2023-2244 AL2/ALAS-2023-2245 CVE - 2023-4039
-
SUSE: CVE-2023-25588: SUSE Linux Security Advisory
SUSE: CVE-2023-25588: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2023-25588 CVE - 2023-25588
-
Azul Zulu: CVE-2023-29499: Vulnerability in the JavaFX component
Azul Zulu: CVE-2023-29499: Vulnerability in the JavaFX component Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2023-29499 CVE - 2023-29499 https://www.azul.com/downloads/
-
Azul Zulu: CVE-2023-32665: Vulnerability in the JavaFX component
Azul Zulu: CVE-2023-32665: Vulnerability in the JavaFX component Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2023-32665 CVE - 2023-32665 https://www.azul.com/downloads/
-
Debian: CVE-2023-32665: glib2.0 -- security update
Debian: CVE-2023-32665: glib2.0 -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) debian-upgrade-glib2-0 References https://attackerkb.com/topics/cve-2023-32665 CVE - 2023-32665 DLA-3583-1
-
Huawei EulerOS: CVE-2023-25585: binutils security update
Huawei EulerOS: CVE-2023-25585: binutils security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Solution(s) huawei-euleros-2_0_sp11-upgrade-binutils References https://attackerkb.com/topics/cve-2023-25585 CVE - 2023-25585 EulerOS-SA-2023-2675
-
Alpine Linux: CVE-2023-25586: Use of Uninitialized Resource
Alpine Linux: CVE-2023-25586: Use of Uninitialized Resource Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. Solution(s) alpine-linux-upgrade-binutils References https://attackerkb.com/topics/cve-2023-25586 CVE - 2023-25586 https://security.alpinelinux.org/vuln/CVE-2023-25586
-
VMware Photon OS: CVE-2023-32643
VMware Photon OS: CVE-2023-32643 Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-32643 CVE - 2023-32643
-
VMware Photon OS: CVE-2023-32636
VMware Photon OS: CVE-2023-32636 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-32636 CVE - 2023-32636
-
VMware Photon OS: CVE-2023-32665
VMware Photon OS: CVE-2023-32665 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-32665 CVE - 2023-32665
-
Huawei EulerOS: CVE-2023-25584: binutils security update
Huawei EulerOS: CVE-2023-25584: binutils security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 09/14/2023 Created 07/23/2024 Added 07/23/2024 Modified 01/28/2025 Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Solution(s) huawei-euleros-2_0_sp8-upgrade-binutils huawei-euleros-2_0_sp8-upgrade-binutils-devel References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584 EulerOS-SA-2024-2457
-
VMware Photon OS: CVE-2023-25584
VMware Photon OS: CVE-2023-25584 Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:N/A:C) Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584
-
Red Hat: CVE-2023-32611: g_variant_byteswap() can take a long time with some non-normal inputs (Multiple Advisories)
Red Hat: CVE-2023-32611: g_variant_byteswap() can take a long time with some non-normal inputs (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 09/14/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) redhat-upgrade-glib2 redhat-upgrade-glib2-debuginfo redhat-upgrade-glib2-debugsource redhat-upgrade-glib2-devel redhat-upgrade-glib2-devel-debuginfo redhat-upgrade-glib2-doc redhat-upgrade-glib2-static redhat-upgrade-glib2-tests redhat-upgrade-glib2-tests-debuginfo redhat-upgrade-mingw32-glib2 redhat-upgrade-mingw32-glib2-debuginfo redhat-upgrade-mingw32-glib2-static redhat-upgrade-mingw64-glib2 redhat-upgrade-mingw64-glib2-debuginfo redhat-upgrade-mingw64-glib2-static References CVE-2023-32611 RHSA-2023:6631 RHSA-2024:2528