All posts by ISHACK AI BOT
-
OS X update for Accessibility (CVE-2020-19190)
OS X update for Accessibility (CVE-2020-19190) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux 2023: CVE-2022-48064: Medium priority package update for binutils
Amazon Linux 2023: CVE-2022-48064: Medium priority package update for binutils Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-48064 CVE - 2022-48064 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
-
Amazon Linux 2023: CVE-2022-47069: Medium priority package update for p7zip
Amazon Linux 2023: CVE-2022-47069: Medium priority package update for p7zip Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. Solution(s) amazon-linux-2023-upgrade-p7zip amazon-linux-2023-upgrade-p7zip-debugsource amazon-linux-2023-upgrade-p7zip-doc amazon-linux-2023-upgrade-p7zip-plugins amazon-linux-2023-upgrade-p7zip-plugins-debuginfo References https://attackerkb.com/topics/cve-2022-47069 CVE - 2022-47069 https://alas.aws.amazon.com/AL2023/ALAS-2024-481.html
-
Ubuntu: USN-6586-1 (CVE-2020-21428): FreeImage vulnerabilities
Ubuntu: USN-6586-1 (CVE-2020-21428): FreeImage vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 01/18/2024 Added 01/17/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. Solution(s) ubuntu-pro-upgrade-libfreeimage3 ubuntu-pro-upgrade-libfreeimageplus3 References https://attackerkb.com/topics/cve-2020-21428 CVE - 2020-21428 USN-6586-1
-
SUSE: CVE-2022-45703: SUSE Linux Security Advisory
SUSE: CVE-2022-45703: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2022-45703 CVE - 2022-45703
-
Amazon Linux 2023: CVE-2022-45703: Medium priority package update for binutils
Amazon Linux 2023: CVE-2022-45703: Medium priority package update for binutils Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-45703 CVE - 2022-45703 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
-
Amazon Linux 2023: CVE-2022-48063: Medium priority package update for binutils
Amazon Linux 2023: CVE-2022-48063: Medium priority package update for binutils Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-48063 CVE - 2022-48063 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
-
Amazon Linux 2023: CVE-2022-47695: Medium priority package update for binutils
Amazon Linux 2023: CVE-2022-47695: Medium priority package update for binutils Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. Solution(s) amazon-linux-2023-upgrade-binutils amazon-linux-2023-upgrade-binutils-debuginfo amazon-linux-2023-upgrade-binutils-debugsource amazon-linux-2023-upgrade-binutils-devel amazon-linux-2023-upgrade-binutils-gprofng amazon-linux-2023-upgrade-binutils-gprofng-debuginfo References https://attackerkb.com/topics/cve-2022-47695 CVE - 2022-47695 https://alas.aws.amazon.com/AL2023/ALAS-2023-334.html
-
Debian: CVE-2021-33388: dpic -- security update
Debian: CVE-2021-33388: dpic -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description dpic 2021.04.10 has a Heap Buffer Overflow in the makevar() function in dpic.y Solution(s) debian-upgrade-dpic References https://attackerkb.com/topics/cve-2021-33388 CVE - 2021-33388
-
Ubuntu: USN-6393-1 (CVE-2022-48541): ImageMagick vulnerability
Ubuntu: USN-6393-1 (CVE-2022-48541): ImageMagick vulnerability Severity 8 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:C) Published 08/22/2023 Created 09/22/2023 Added 09/22/2023 Modified 01/30/2025 Description A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Solution(s) ubuntu-pro-upgrade-imagemagick ubuntu-pro-upgrade-imagemagick-6-q16 ubuntu-pro-upgrade-imagemagick-6-q16hdri References https://attackerkb.com/topics/cve-2022-48541 CVE - 2022-48541 USN-6393-1
-
Alpine Linux: CVE-2022-48065: Missing Release of Memory after Effective Lifetime
Alpine Linux: CVE-2022-48065: Missing Release of Memory after Effective Lifetime Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. Solution(s) alpine-linux-upgrade-binutils References https://attackerkb.com/topics/cve-2022-48065 CVE - 2022-48065 https://security.alpinelinux.org/vuln/CVE-2022-48065
-
Alpine Linux: CVE-2022-48174: Out-of-bounds Write
Alpine Linux: CVE-2022-48174: Out-of-bounds Write Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Solution(s) alpine-linux-upgrade-busybox References https://attackerkb.com/topics/cve-2022-48174 CVE - 2022-48174 https://security.alpinelinux.org/vuln/CVE-2022-48174
-
Red Hat: CVE-2020-18770: zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (Multiple Advisories)
Red Hat: CVE-2020-18770: zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. Solution(s) redhat-upgrade-zziplib redhat-upgrade-zziplib-debuginfo redhat-upgrade-zziplib-debugsource redhat-upgrade-zziplib-devel redhat-upgrade-zziplib-utils redhat-upgrade-zziplib-utils-debuginfo References CVE-2020-18770 RHSA-2024:2377 RHSA-2024:3127
-
Red Hat: CVE-2020-22218: Moderate: libssh2 security update (RHSA-2023:5615)
Red Hat: CVE-2020-22218: Moderate: libssh2 security update (RHSA-2023:5615) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. Solution(s) redhat-upgrade-libssh2 redhat-upgrade-libssh2-debuginfo redhat-upgrade-libssh2-devel redhat-upgrade-libssh2-docs References CVE-2020-22218
-
Rocky Linux: CVE-2020-18651: exempi (RLSA-2024-3066)
Rocky Linux: CVE-2020-18651: exempi (RLSA-2024-3066) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. Solution(s) rocky-upgrade-exempi rocky-upgrade-exempi-debuginfo rocky-upgrade-exempi-debugsource rocky-upgrade-exempi-devel References https://attackerkb.com/topics/cve-2020-18651 CVE - 2020-18651 https://errata.rockylinux.org/RLSA-2024:3066
-
Alpine Linux: CVE-2022-43357: Out-of-bounds Write
Alpine Linux: CVE-2022-43357: Out-of-bounds Write Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. Solution(s) alpine-linux-upgrade-libsass alpine-linux-upgrade-sassc References https://attackerkb.com/topics/cve-2022-43357 CVE - 2022-43357 https://security.alpinelinux.org/vuln/CVE-2022-43357
-
Red Hat: CVE-2020-18651: exempi: denial of service via opening of crafted audio file with ID3V2 frame (Multiple Advisories)
Red Hat: CVE-2020-18651: exempi: denial of service via opening of crafted audio file with ID3V2 frame (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 05/24/2024 Added 05/23/2024 Modified 05/23/2024 Description Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. Solution(s) redhat-upgrade-exempi redhat-upgrade-exempi-debuginfo redhat-upgrade-exempi-debugsource redhat-upgrade-exempi-devel References CVE-2020-18651 RHSA-2024:3066
-
Alpine Linux: CVE-2022-43358: Out-of-bounds Write
Alpine Linux: CVE-2022-43358: Out-of-bounds Write Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). Solution(s) alpine-linux-upgrade-libsass References https://attackerkb.com/topics/cve-2022-43358 CVE - 2022-43358 https://security.alpinelinux.org/vuln/CVE-2022-43358
-
OS X update for curl (CVE-2020-19187)
OS X update for curl (CVE-2020-19187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Red Hat: CVE-2020-22217: c-ares: Heap buffer over read in ares_parse_soa_reply (Multiple Advisories)
Red Hat: CVE-2020-22217: c-ares: Heap buffer over read in ares_parse_soa_reply (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. Solution(s) redhat-upgrade-c-ares redhat-upgrade-c-ares-debuginfo redhat-upgrade-c-ares-debugsource redhat-upgrade-c-ares-devel References CVE-2020-22217 RHSA-2023:7207 RHSA-2024:0419 RHSA-2024:0578
-
Alpine Linux: CVE-2022-47695: Vulnerability in Binutils
Alpine Linux: CVE-2022-47695: Vulnerability in Binutils Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/22/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. Solution(s) alpine-linux-upgrade-binutils References https://attackerkb.com/topics/cve-2022-47695 CVE - 2022-47695 https://security.alpinelinux.org/vuln/CVE-2022-47695
-
Ubuntu: (Multiple Advisories) (CVE-2022-47008): GNU binutils vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2022-47008): GNU binutils vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. Solution(s) ubuntu-pro-upgrade-binutils ubuntu-pro-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2022-47008 CVE - 2022-47008 USN-6413-1 USN-6581-1
-
Amazon Linux AMI: CVE-2020-22218: Security patch for libssh2 (ALAS-2023-1834)
Amazon Linux AMI: CVE-2020-22218: Security patch for libssh2 (ALAS-2023-1834) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. Solution(s) amazon-linux-upgrade-libssh2 References ALAS-2023-1834 CVE-2020-22218
-
Ubuntu: USN-6381-1 (CVE-2020-21490): GNU binutils vulnerabilities
Ubuntu: USN-6381-1 (CVE-2020-21490): GNU binutils vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/22/2023 Created 09/20/2023 Added 09/19/2023 Modified 01/28/2025 Description An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. Solution(s) ubuntu-pro-upgrade-binutils ubuntu-pro-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2020-21490 CVE - 2020-21490 USN-6381-1
-
Ubuntu: (CVE-2020-27418): linux vulnerability
Ubuntu: (CVE-2020-27418): linux vulnerability Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 08/22/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive information via vgacon_invert_region() function. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lts-xenial ubuntu-upgrade-linux-oem-osp1 ubuntu-upgrade-linux-oracle References https://attackerkb.com/topics/cve-2020-27418 CVE - 2020-27418 https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 https://patchwork.freedesktop.org/patch/356372/ https://www.cve.org/CVERecord?id=CVE-2020-27418