ISHACK AI BOT

Alpine Linux: CVE-2023-22458: Integer Overflow or Wraparound Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-redis References https://attackerkb.com/topics/cve-2023-22458 CVE - 2023-22458 https://security.alpinelinux.org/vuln/CVE-2023-22458

Ubuntu: (Multiple Advisories) (CVE-2022-47024): Vim vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/20/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. Solution(s) ubuntu-pro-upgrade-vim ubuntu-pro-upgrade-vim-athena ubuntu-pro-upgrade-vim-athena-py2 ubuntu-pro-upgrade-vim-gtk ubuntu-pro-upgrade-vim-gtk-py2 ubuntu-pro-upgrade-vim-gtk3 ubuntu-pro-upgrade-vim-gtk3-py2 ubuntu-pro-upgrade-vim-nox ubuntu-pro-upgrade-vim-nox-py2 ubuntu-pro-upgrade-vim-tiny References https://attackerkb.com/topics/cve-2022-47024 CVE - 2022-47024 USN-5836-1 USN-5963-1

Ubuntu: USN-6370-1 (CVE-2022-48279): ModSecurity vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 01/20/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. Solution(s) ubuntu-pro-upgrade-libapache2-mod-security2 ubuntu-pro-upgrade-libapache2-modsecurity References https://attackerkb.com/topics/cve-2022-48279 CVE - 2022-48279 USN-6370-1

Debian: CVE-2023-23601: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/20/2023 Created 01/20/2023 Added 01/20/2023 Modified 01/28/2025 Description Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-23601 CVE - 2023-23601 DLA-3275-1 DSA-5322-1

Debian: CVE-2023-23602: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/20/2023 Created 01/20/2023 Added 01/20/2023 Modified 01/28/2025 Description A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-23602 CVE - 2023-23602 DLA-3275-1 DSA-5322-1

Alpine Linux: CVE-2022-47024: NULL Pointer Dereference Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/20/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2022-47024 CVE - 2022-47024 https://security.alpinelinux.org/vuln/CVE-2022-47024

Debian: CVE-2023-24021: modsecurity-apache -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 01/20/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/30/2025 Description Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. Solution(s) debian-upgrade-modsecurity-apache References https://attackerkb.com/topics/cve-2023-24021 CVE - 2023-24021 DLA-3283-1

Alma Linux: CVE-2022-47024: Moderate: vim security update (ALSA-2023-0958) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/20/2023 Created 03/02/2023 Added 03/01/2023 Modified 01/28/2025 Description A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. Solution(s) alma-upgrade-vim-common alma-upgrade-vim-enhanced alma-upgrade-vim-filesystem alma-upgrade-vim-minimal alma-upgrade-vim-x11 References https://attackerkb.com/topics/cve-2022-47024 CVE - 2022-47024 https://errata.almalinux.org/9/ALSA-2023-0958.html

Alpine Linux: CVE-2022-47015: NULL Pointer Dereference Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/20/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. Solution(s) alpine-linux-upgrade-mariadb References https://attackerkb.com/topics/cve-2022-47015 CVE - 2022-47015 https://security.alpinelinux.org/vuln/CVE-2022-47015

Ubuntu: (Multiple Advisories) (CVE-2023-23605): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/20/2023 Created 01/25/2023 Added 01/23/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-23605 CVE - 2023-23605 CVE-2023-23605 USN-5816-1 USN-5816-2 USN-5824-1

Debian: CVE-2023-22745: tpm2-tss -- security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) debian-upgrade-tpm2-tss References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745

SUSE: CVE-2023-22458: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/20/2023 Created 02/08/2023 Added 02/08/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-redis References https://attackerkb.com/topics/cve-2023-22458 CVE - 2023-22458

Ubuntu: USN-6796-1 (CVE-2023-22745): TPM2 Software Stack vulnerabilities Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 06/07/2024 Added 06/06/2024 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) ubuntu-upgrade-libtss2-esys-3-0-2-0 ubuntu-upgrade-libtss2-esys-3-0-2-0t64 ubuntu-upgrade-libtss2-esys0 ubuntu-upgrade-libtss2-fapi1 ubuntu-upgrade-libtss2-fapi1t64 ubuntu-upgrade-libtss2-mu-4-0-1-0t64 ubuntu-upgrade-libtss2-mu0 ubuntu-upgrade-libtss2-policy0 ubuntu-upgrade-libtss2-policy0t64 ubuntu-upgrade-libtss2-rc0 ubuntu-upgrade-libtss2-rc0t64 ubuntu-upgrade-libtss2-sys1 ubuntu-upgrade-libtss2-sys1t64 ubuntu-upgrade-libtss2-tcti-cmd0 ubuntu-upgrade-libtss2-tcti-cmd0t64 ubuntu-upgrade-libtss2-tcti-device0 ubuntu-upgrade-libtss2-tcti-device0t64 ubuntu-upgrade-libtss2-tcti-libtpms0 ubuntu-upgrade-libtss2-tcti-libtpms0t64 ubuntu-upgrade-libtss2-tcti-mssim0 ubuntu-upgrade-libtss2-tcti-mssim0t64 ubuntu-upgrade-libtss2-tcti-pcap0 ubuntu-upgrade-libtss2-tcti-pcap0t64 ubuntu-upgrade-libtss2-tcti-spi-helper0 ubuntu-upgrade-libtss2-tcti-spi-helper0t64 ubuntu-upgrade-libtss2-tcti-swtpm0 ubuntu-upgrade-libtss2-tcti-swtpm0t64 ubuntu-upgrade-libtss2-tctildr0 ubuntu-upgrade-libtss2-tctildr0t64 References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 USN-6796-1

Alpine Linux: CVE-2023-22741: Classic Buffer Overflow Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/19/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-sofia-sip References https://attackerkb.com/topics/cve-2023-22741 CVE - 2023-22741 https://security.alpinelinux.org/vuln/CVE-2023-22741

Alma Linux: CVE-2023-22745: Low: tpm2-tss security and enhancement update (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) alma-upgrade-tpm2-tss alma-upgrade-tpm2-tss-devel References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 https://errata.almalinux.org/8/ALSA-2023-7166.html https://errata.almalinux.org/9/ALSA-2023-6685.html

Huawei EulerOS: CVE-2023-22745: tpm2-tss security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) huawei-euleros-2_0_sp9-upgrade-tpm2-tss References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 EulerOS-SA-2023-1882

Debian: CVE-2023-22741: sofia-sip -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/19/2023 Created 01/31/2023 Added 01/31/2023 Modified 01/30/2025 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-sofia-sip References https://attackerkb.com/topics/cve-2023-22741 CVE - 2023-22741 DLA-3292-1

Red Hat: CVE-2023-22745: tpm2-tss: Buffer Overlow in TSS2_RC_Decode (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) redhat-upgrade-tpm2-tss redhat-upgrade-tpm2-tss-debuginfo redhat-upgrade-tpm2-tss-debugsource redhat-upgrade-tpm2-tss-devel References CVE-2023-22745 RHSA-2023:6685 RHSA-2023:7166 RHSA-2024:4739

Ubuntu: USN-5932-1 (CVE-2023-22741): Sofia-SIP vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/19/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-libsofia-sip-ua-glib3 ubuntu-pro-upgrade-libsofia-sip-ua0 ubuntu-pro-upgrade-sofia-sip-bin References https://attackerkb.com/topics/cve-2023-22741 CVE - 2023-22741 USN-5932-1

Huawei EulerOS: CVE-2023-22745: tpm2-tss security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) huawei-euleros-2_0_sp10-upgrade-tpm2-tss References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 EulerOS-SA-2023-1987

Huawei EulerOS: CVE-2023-22745: tpm2-tss security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) huawei-euleros-2_0_sp11-upgrade-tpm2-tss References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 EulerOS-SA-2023-1795

SUSE: CVE-2023-22745: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) suse-upgrade-libtss2-esys0 suse-upgrade-libtss2-esys0-32bit suse-upgrade-libtss2-fapi0 suse-upgrade-libtss2-fapi1 suse-upgrade-libtss2-fapi1-32bit suse-upgrade-libtss2-mu0 suse-upgrade-libtss2-mu0-32bit suse-upgrade-libtss2-rc0 suse-upgrade-libtss2-rc0-32bit suse-upgrade-libtss2-sys0 suse-upgrade-libtss2-sys0-32bit suse-upgrade-libtss2-sys1 suse-upgrade-libtss2-sys1-32bit suse-upgrade-libtss2-tcti-cmd0 suse-upgrade-libtss2-tcti-cmd0-32bit suse-upgrade-libtss2-tcti-device0 suse-upgrade-libtss2-tcti-device0-32bit suse-upgrade-libtss2-tcti-mssim0 suse-upgrade-libtss2-tcti-mssim0-32bit suse-upgrade-libtss2-tcti-pcap0 suse-upgrade-libtss2-tcti-swtpm0 suse-upgrade-libtss2-tcti-swtpm0-32bit suse-upgrade-libtss2-tctildr0 suse-upgrade-libtss2-tctildr0-32bit suse-upgrade-tpm2-0-tss suse-upgrade-tpm2-0-tss-devel References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745

Amazon Linux 2023: CVE-2023-2430: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:C) Published 01/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. A vulnerability was found due to a missing lock for the IOPOLL in io_cqring_event_overflow() in io_uring.c in the Linux kernel. This flaw allows a local attacker with user privileges to trigger a denial of service. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-52-71-125 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2430 CVE - 2023-2430 https://alas.aws.amazon.com/AL2023/ALAS-2023-349.html

Gentoo Linux: CVE-2023-22741: Sofia-SIP: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/19/2023 Created 07/09/2024 Added 07/09/2024 Modified 01/30/2025 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP **lacks both message length and attributes length checks** when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute(), after we get the attribute's type and length value, the length will be used directly to copy from the heap, regardless of the message's left size. Since network users control the overflowed length, and the data is written to heap chunks later, attackers may achieve remote code execution by heap grooming or other exploitation methods. The bug was introduced 16 years ago in sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs with git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) gentoo-linux-upgrade-net-libs-sofia-sip References https://attackerkb.com/topics/cve-2023-22741 CVE - 2023-22741 202407-10

Huawei EulerOS: CVE-2023-22745: tpm2-tss security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 01/19/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege. Solution(s) huawei-euleros-2_0_sp5-upgrade-tpm2-tss References https://attackerkb.com/topics/cve-2023-22745 CVE - 2023-22745 EulerOS-SA-2023-2178