All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2023-38409 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38409 CVE - 2023-38409
  2. VMware Photon OS: CVE-2023-38431 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38431 CVE - 2023-38431
  3. VMware Photon OS: CVE-2023-38429 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38429 CVE - 2023-38429
  4. VMware Photon OS: CVE-2023-38428 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38428 CVE - 2023-38428
  5. VMware Photon OS: CVE-2023-38430 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38430 CVE - 2023-38430
  6. VMware Photon OS: CVE-2023-38403 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38403 CVE - 2023-38403
  7. Debian: CVE-2023-2975: openssl -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975
  8. Alma Linux: CVE-2023-2975: Low: openssl and openssl-fips-provider security update (ALSA-2024-2447) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 https://errata.almalinux.org/9/ALSA-2024-2447.html
  9. Gentoo Linux: CVE-2023-2975: OpenSSL: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) gentoo-linux-upgrade-dev-libs-openssl References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 202402-08
  10. Alpine Linux: CVE-2023-38325: Improper Certificate Validation Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Solution(s) alpine-linux-upgrade-py3-cryptography References https://attackerkb.com/topics/cve-2023-38325 CVE - 2023-38325 https://security.alpinelinux.org/vuln/CVE-2023-38325
  11. Alpine Linux: CVE-2023-37464: Use of a Broken or Risky Cryptographic Algorithm Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). Solution(s) alpine-linux-upgrade-cjose References https://attackerkb.com/topics/cve-2023-37464 CVE - 2023-37464 https://security.alpinelinux.org/vuln/CVE-2023-37464
  12. Ubuntu: (CVE-2023-38252): w3m vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 11/23/2024 Added 11/22/2024 Modified 01/28/2025 Description An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Solution(s) ubuntu-pro-upgrade-w3m References https://attackerkb.com/topics/cve-2023-38252 CVE - 2023-38252 https://access.redhat.com/security/cve/CVE-2023-38252 https://www.cve.org/CVERecord?id=CVE-2023-38252
  13. OpenSSL vulnerability (CVE-2023-2975) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 06/06/2024 Added 06/05/2024 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) http-openssl-3_0_10-upgrade-3_0_10 http-openssl-3_1_2-upgrade-3_1_2 References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975
  14. SUSE: CVE-2023-3648: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 08/10/2023 Added 08/10/2023 Modified 01/28/2025 Description Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-3648 CVE - 2023-3648
  15. CVE-2023-2975: Improper Authentication Severity 1 CVSS (AV:L/AC:H/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Deprecated. Solution(s) References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 https://docs.rapid7.com/release-notes/insightagent/20240314/
  16. Alma Linux: CVE-2023-37464: Important: mod_auth_openidc:2.3 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). Solution(s) alma-upgrade-cjose alma-upgrade-cjose-devel alma-upgrade-mod_auth_openidc References https://attackerkb.com/topics/cve-2023-37464 CVE - 2023-37464 https://errata.almalinux.org/8/ALSA-2023-4418.html https://errata.almalinux.org/9/ALSA-2023-4411.html
  17. VMware Photon OS: CVE-2023-3648 Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 07/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3648 CVE - 2023-3648
  18. Alpine Linux: CVE-2023-2975: Improper Authentication Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) alpine-linux-upgrade-openssl3 alpine-linux-upgrade-openssl References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 https://security.alpinelinux.org/vuln/CVE-2023-2975
  19. Rocky Linux: CVE-2023-37464: mod_auth_openidc-2.3 (RLSA-2023-4418) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). Solution(s) rocky-upgrade-cjose rocky-upgrade-cjose-debuginfo rocky-upgrade-cjose-debugsource rocky-upgrade-cjose-devel rocky-upgrade-mod_auth_openidc rocky-upgrade-mod_auth_openidc-debuginfo rocky-upgrade-mod_auth_openidc-debugsource References https://attackerkb.com/topics/cve-2023-37464 CVE - 2023-37464 https://errata.rockylinux.org/RLSA-2023:4418
  20. Rocky Linux: CVE-2023-2975: openssl (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 07/19/2024 Added 07/16/2024 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) rocky-upgrade-openssl rocky-upgrade-openssl-debuginfo rocky-upgrade-openssl-debugsource rocky-upgrade-openssl-devel rocky-upgrade-openssl-fips-provider rocky-upgrade-openssl-fips-provider-debuginfo rocky-upgrade-openssl-fips-provider-debugsource rocky-upgrade-openssl-libs rocky-upgrade-openssl-libs-debuginfo rocky-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-2975 CVE - 2023-2975 https://access.redhat.com/errata/RHSA-2024:2447
  21. Wireshark : CVE-2023-3648 : Kafka dissector crash Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 09/25/2024 Added 09/24/2024 Modified 01/28/2025 Description Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-3_6_15 wireshark-upgrade-4_0_7 References https://attackerkb.com/topics/cve-2023-3648 CVE - 2023-3648 https://www.wireshark.org/security/wnpa-sec-2023-21.html
  22. Wireshark : CVE-2023-3649 : iSCSI dissector crash Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 09/25/2024 Added 09/24/2024 Modified 01/28/2025 Description iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-3_6_16 wireshark-upgrade-4_0_7 References https://attackerkb.com/topics/cve-2023-3649 CVE - 2023-3649 https://www.wireshark.org/security/wnpa-sec-2023-22.html
  23. FreeBSD: VID-41C60E16-2405-11EE-A0D1-84A93843EB75 (CVE-2023-2975): OpenSSL -- AES-SIV implementation ignores empty associated data entries Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 07/14/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/28/2025 Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. Solution(s) freebsd-upgrade-package-openssl30 freebsd-upgrade-package-openssl31 References CVE-2023-2975
  24. CentOS Linux: CVE-2023-37464: Important: cjose security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/14/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). Solution(s) centos-upgrade-cjose centos-upgrade-cjose-debuginfo centos-upgrade-cjose-debugsource centos-upgrade-cjose-devel centos-upgrade-mod_auth_openidc centos-upgrade-mod_auth_openidc-debuginfo centos-upgrade-mod_auth_openidc-debugsource References CVE-2023-37464
  25. SUSE: CVE-2023-38253: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Solution(s) suse-upgrade-w3m suse-upgrade-w3m-inline-image References https://attackerkb.com/topics/cve-2023-38253 CVE - 2023-38253