All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2023-0567: ELSA-2023-5927: php:8.0 security update (IMPORTANT) (Multiple Advisories)
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 02/15/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/08/2025
Description
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid.
Solution(s)
oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc
References
https://attackerkb.com/topics/cve-2023-0567 CVE-2023-0567 ELSA-2023-5927 ELSA-2023-5926 ELSA-2024-0387 ELSA-2024-10952
-
MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25729)
Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025
Description
Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s)
mozilla-thunderbird-upgrade-102_8
References
https://attackerkb.com/topics/cve-2023-25729 CVE-2023-25729 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
-
FreeBSD: VID-BE233FC6-BAE7-11ED-A4FB-080027F5FEC9 (CVE-2023-23914): curl -- multiple vulnerabilities
Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 03/08/2023 Added 03/06/2023 Modified 01/28/2025
Description
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.
Solution(s)
freebsd-upgrade-package-curl
References
CVE-2023-23914
-
Microsoft Office: CVE-2023-21715: Microsoft Publisher Security Features Bypass Vulnerability
Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/15/2023 Modified 01/28/2025
Description
Microsoft Publisher Security Features Bypass Vulnerability
Solution(s)
office-click-to-run-upgrade-latest
References
https://attackerkb.com/topics/cve-2023-21715 CVE-2023-21715
-
Amazon Linux 2023: CVE-2022-41724: Important priority package update for golang
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
Solution(s)
amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-race amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests
References
https://attackerkb.com/topics/cve-2022-41724 CVE-2022-41724 https://alas.aws.amazon.com/AL2023/ALAS-2023-175.html
-
Amazon Linux 2023: CVE-2023-23914: Medium priority package update for curl
Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 02/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.
Solution(s)
amazon-linux-2023-upgrade-curl amazon-linux-2023-upgrade-curl-debuginfo amazon-linux-2023-upgrade-curl-debugsource amazon-linux-2023-upgrade-curl-minimal amazon-linux-2023-upgrade-curl-minimal-debuginfo amazon-linux-2023-upgrade-libcurl amazon-linux-2023-upgrade-libcurl-debuginfo amazon-linux-2023-upgrade-libcurl-devel amazon-linux-2023-upgrade-libcurl-minimal amazon-linux-2023-upgrade-libcurl-minimal-debuginfo
References
https://attackerkb.com/topics/cve-2023-23914 CVE-2023-23914 https://alas.aws.amazon.com/AL2023/ALAS-2023-114.html
-
SolarWinds Orion Platform: SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2022-47507)
Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/15/2023 Created 07/28/2023 Added 07/27/2023 Modified 01/28/2025
Description
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Solution(s)
solarwinds-orion-platform-upgrade-latest
References
https://attackerkb.com/topics/cve-2022-47507 CVE-2022-47507 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47507
-
Ubuntu: USN-5901-1 (CVE-2023-0361): GnuTLS vulnerability
Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025
Description
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Solution(s)
ubuntu-upgrade-libgnutls30
References
https://attackerkb.com/topics/cve-2023-0361 CVE-2023-0361 USN-5901-1
-
pfSense: pfSense-SA-23_04.webgui: Authenticated Command Execution in the WebGUI
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 02/17/2023
Description
A potential authenticated arbitrary command execution vulnerability was found in status.php, a component of the pfSense Plus and pfSense CE software GUI. If there is a file named '/tmp/rules.packages.|<command>|.txt', then when an authenticated GUI user loads status.php, the GUI executes '<command>'. This problem is present on pfSense Plus version 22.05.1, pfSense CE version 2.6.0, and earlier versions of both.
In combination with another bug that lets users write arbitrary files, a user with sufficient privileges to access status.php could run a command directly or trick another administrator with privileges into running a command. The commands which work here are of limited use as other characters which might make it more useful also make it fail to trigger. Furthermore, status.php is not linked in the GUI and is typically only run under direction of TAC, so opportunity for exploitation is fairly low.
Solution(s)
pfsense-upgrade-latest
References
https://docs.netgate.com/downloads/pfSense-SA-23_04.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/13426
-
Debian: CVE-2023-24580: python-django -- security update
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/22/2023 Added 02/22/2023 Modified 01/28/2025
Description
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
Solution(s)
debian-upgrade-python-django
References
https://attackerkb.com/topics/cve-2023-24580 CVE-2023-24580 DLA-3329-1
-
pfSense: pfSense-SA-23_03.webgui: Authenticated Arbitrary file create in the WebGUI
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 02/17/2023
Description
A potential authenticated arbitrary file creation vulnerability was found when creating or editing URL table aliases, a component of the pfSense Plus and pfSense CE software GUI. When validating an alias on save, the name was checked for validity, however the name was still used during the validation by process_alias_urltable(). The function used the name submitted by the user for a filename which means it could have included invalid components such as "../", "|" and other characters to traverse paths and create arbitrary files. This problem is present on pfSense Plus version 22.05.1, pfSense CE version 2.6.0, and earlier versions of both.
N.B.: pfSense Plus version 22.05.1 included a partial fix which introduced a PHP error in certain cases when working with URL table aliases.
Due to the lack of validation and sanitization, an authenticated user with sufficient access to work with URL table aliases could potentially have the ability to create files with arbitrary names on the firewall filesystem.
Solution(s)
pfsense-upgrade-latest
References
https://docs.netgate.com/downloads/pfSense-SA-23_03.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/13425
-
Gentoo Linux: CVE-2022-45587: Xpdf: Multiple Vulnerabilities
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025
Description
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Solution(s)
gentoo-linux-upgrade-app-text-xpdf
References
https://attackerkb.com/topics/cve-2022-45587 CVE-2022-45587 202409-25
-
Microsoft Office: CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/15/2023 Modified 01/28/2025
Description
Microsoft Word Remote Code Execution Vulnerability
Solution(s)
microsoft-office_online_server-kb5002309 microsoft-word_2016-kb5002323 office-click-to-run-upgrade-latest
References
https://attackerkb.com/topics/cve-2023-21716 CVE-2023-21716 https://support.microsoft.com/help/5002309 https://support.microsoft.com/help/5002323
-
Ubuntu: USN-5868-1 (CVE-2023-24580): Django vulnerability
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025
Description
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
Solution(s)
ubuntu-upgrade-python-django ubuntu-upgrade-python3-django
References
https://attackerkb.com/topics/cve-2023-24580 CVE-2023-24580 USN-5868-1
-
Red Hat OpenShift: CVE-2023-25761: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 02/15/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025
Description
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
Solution(s)
linuxrpm-upgrade-jenkins-2-plugins
References
https://attackerkb.com/topics/cve-2023-25761 CVE-2023-25761 RHSA-2023:1866 RHSA-2023:3195 RHSA-2023:3198 RHSA-2023:3299 RHSA-2023:6171 RHSA-2023:6172 RHSA-2023:6179 RHSA-2023:7288 RHSA-2024:0775 RHSA-2024:0776 RHSA-2024:0777 RHSA-2024:0778
-
Gentoo Linux: CVE-2022-45586: Xpdf: Multiple Vulnerabilities
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025
Description
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Solution(s)
gentoo-linux-upgrade-app-text-xpdf
References
https://attackerkb.com/topics/cve-2022-45586 CVE-2022-45586 202409-25
-
Red Hat OpenShift: CVE-2023-25762: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 02/15/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025
Description
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names.
Solution(s)
linuxrpm-upgrade-jenkins-2-plugins
References
https://attackerkb.com/topics/cve-2023-25762 CVE-2023-25762 RHSA-2023:1866 RHSA-2023:3195 RHSA-2023:3198 RHSA-2023:3299 RHSA-2023:6171 RHSA-2023:6172 RHSA-2023:6179 RHSA-2023:7288 RHSA-2024:0775 RHSA-2024:0776 RHSA-2024:0777 RHSA-2024:0778
-
Amazon Linux 2023: CVE-2023-25173: Medium priority package update for containerd (Multiple Advisories)
Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:P) Published 02/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.
This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.
Solution(s)
amazon-linux-2023-upgrade-containerd amazon-linux-2023-upgrade-containerd-debuginfo amazon-linux-2023-upgrade-containerd-debugsource amazon-linux-2023-upgrade-containerd-stress amazon-linux-2023-upgrade-containerd-stress-debuginfo
References
https://attackerkb.com/topics/cve-2023-25173 CVE-2023-25173 https://alas.aws.amazon.com/AL2023/ALAS-2023-156.html https://alas.aws.amazon.com/AL2023/ALAS-2023-374.html
-
Amazon Linux 2023: CVE-2022-41725: Important priority package update for golang
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue.
ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files.
With the fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct.
Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
Solution(s)
amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-race amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests
References
https://attackerkb.com/topics/cve-2022-41725 CVE-2022-41725 https://alas.aws.amazon.com/AL2023/ALAS-2023-175.html
-
Alma Linux: CVE-2023-0361: Moderate: gnutls security and bug fix update (Multiple Advisories)
Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025
Description
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Solution(s)
alma-upgrade-gnutls alma-upgrade-gnutls-c++ alma-upgrade-gnutls-dane alma-upgrade-gnutls-devel alma-upgrade-gnutls-utils
References
https://attackerkb.com/topics/cve-2023-0361 CVE-2023-0361 https://errata.almalinux.org/8/ALSA-2023-1569.html https://errata.almalinux.org/9/ALSA-2023-1141.html
-
FreeBSD: VID-BE233FC6-BAE7-11ED-A4FB-080027F5FEC9 (CVE-2023-23916): curl -- multiple vulnerabilities
Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 03/08/2023 Added 03/06/2023 Modified 01/28/2025
Description
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Solution(s)
freebsd-upgrade-package-curl
References
CVE-2023-23916
-
Oracle Linux: CVE-2022-41725: ELSA-2023-6938: container-tools:4.0 security and bug fix update (MODERATE) (Multiple Advisories)
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 05/29/2023 Added 05/25/2023 Modified 01/08/2025
Description
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue.
ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files.
With the fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct.
Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
Solution(s)
oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-delve oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-race oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica
References
https://attackerkb.com/topics/cve-2022-41725 CVE-2022-41725 ELSA-2023-6938 ELSA-2023-3083 ELSA-2023-6402 ELSA-2023-6474 ELSA-2023-6473 ELSA-2023-6939 ELSA-2023-6363
-
Amazon Linux 2023: CVE-2023-0567: Important priority package update for php8.1
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 02/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid.
Solution(s)
amazon-linux-2023-upgrade-php8-1 amazon-linux-2023-upgrade-php8-1-bcmath amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo amazon-linux-2023-upgrade-php8-1-cli amazon-linux-2023-upgrade-php8-1-cli-debuginfo amazon-linux-2023-upgrade-php8-1-common amazon-linux-2023-upgrade-php8-1-common-debuginfo amazon-linux-2023-upgrade-php8-1-dba amazon-linux-2023-upgrade-php8-1-dba-debuginfo amazon-linux-2023-upgrade-php8-1-dbg amazon-linux-2023-upgrade-php8-1-dbg-debuginfo amazon-linux-2023-upgrade-php8-1-debuginfo amazon-linux-2023-upgrade-php8-1-debugsource amazon-linux-2023-upgrade-php8-1-devel amazon-linux-2023-upgrade-php8-1-embedded amazon-linux-2023-upgrade-php8-1-embedded-debuginfo amazon-linux-2023-upgrade-php8-1-enchant amazon-linux-2023-upgrade-php8-1-enchant-debuginfo amazon-linux-2023-upgrade-php8-1-ffi amazon-linux-2023-upgrade-php8-1-ffi-debuginfo amazon-linux-2023-upgrade-php8-1-fpm amazon-linux-2023-upgrade-php8-1-fpm-debuginfo amazon-linux-2023-upgrade-php8-1-gd amazon-linux-2023-upgrade-php8-1-gd-debuginfo amazon-linux-2023-upgrade-php8-1-gmp amazon-linux-2023-upgrade-php8-1-gmp-debuginfo amazon-linux-2023-upgrade-php8-1-intl amazon-linux-2023-upgrade-php8-1-intl-debuginfo amazon-linux-2023-upgrade-php8-1-ldap amazon-linux-2023-upgrade-php8-1-ldap-debuginfo amazon-linux-2023-upgrade-php8-1-mbstring amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo amazon-linux-2023-upgrade-php8-1-mysqlnd amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-1-odbc amazon-linux-2023-upgrade-php8-1-odbc-debuginfo amazon-linux-2023-upgrade-php8-1-opcache amazon-linux-2023-upgrade-php8-1-opcache-debuginfo amazon-linux-2023-upgrade-php8-1-pdo amazon-linux-2023-upgrade-php8-1-pdo-debuginfo amazon-linux-2023-upgrade-php8-1-pgsql amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo amazon-linux-2023-upgrade-php8-1-process amazon-linux-2023-upgrade-php8-1-process-debuginfo amazon-linux-2023-upgrade-php8-1-soap amazon-linux-2023-upgrade-php8-1-soap-debuginfo amazon-linux-2023-upgrade-php8-1-tidy amazon-linux-2023-upgrade-php8-1-tidy-debuginfo amazon-linux-2023-upgrade-php8-1-xml amazon-linux-2023-upgrade-php8-1-xml-debuginfo
References
https://attackerkb.com/topics/cve-2023-0567 CVE-2023-0567 https://alas.aws.amazon.com/AL2023/ALAS-2023-139.html
-
MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25728)
Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/30/2025
Description
The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s)
mozilla-thunderbird-upgrade-102_8
References
https://attackerkb.com/topics/cve-2023-25728 CVE-2023-25728 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
-
Alpine Linux: CVE-2023-24580: Uncontrolled Resource Consumption
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
Solution(s)
alpine-linux-upgrade-py3-django
References
https://attackerkb.com/topics/cve-2023-24580 CVE-2023-24580 https://security.alpinelinux.org/vuln/CVE-2023-24580