All posts by ISHACK AI BOT
-
SUSE: CVE-2024-7256: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/01/2024 | Created: 08/20/2024 | Added: 08/20/2024 | Modified: 01/28/2025
Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-gn, suse-upgrade-rust-bindgen
References: https://attackerkb.com/topics/cve-2024-7256, CVE-2024-7256
-
Rocky Linux: CVE-2024-41123: ruby-3.3 (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/01/2024 | Created: 09/18/2024 | Added: 09/17/2024 | Modified: 01/28/2025
Description: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.
Solution(s): rocky-upgrade-pcs, rocky-upgrade-pcs-snmp, rocky-upgrade-ruby, rocky-upgrade-ruby-bundled-gems, rocky-upgrade-ruby-bundled-gems-debuginfo, rocky-upgrade-ruby-debuginfo, rocky-upgrade-ruby-debugsource, rocky-upgrade-ruby-devel, rocky-upgrade-ruby-libs, rocky-upgrade-ruby-libs-debuginfo, rocky-upgrade-rubygem-bigdecimal, rocky-upgrade-rubygem-bigdecimal-debuginfo, rocky-upgrade-rubygem-io-console, rocky-upgrade-rubygem-io-console-debuginfo, rocky-upgrade-rubygem-json, rocky-upgrade-rubygem-json-debuginfo, rocky-upgrade-rubygem-mysql2, rocky-upgrade-rubygem-mysql2-debuginfo, rocky-upgrade-rubygem-mysql2-debugsource, rocky-upgrade-rubygem-pg, rocky-upgrade-rubygem-pg-debuginfo, rocky-upgrade-rubygem-pg-debugsource, rocky-upgrade-rubygem-psych, rocky-upgrade-rubygem-psych-debuginfo, rocky-upgrade-rubygem-racc, rocky-upgrade-rubygem-racc-debuginfo, rocky-upgrade-rubygem-rbs, rocky-upgrade-rubygem-rbs-debuginfo
References: https://attackerkb.com/topics/cve-2024-41123, CVE-2024-41123, https://errata.rockylinux.org/RLSA-2024:6670, https://errata.rockylinux.org/RLSA-2024:6784, https://errata.rockylinux.org/RLSA-2024:6785
-
Rocky Linux: CVE-2024-41946: ruby-3.3 (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/01/2024 | Created: 09/18/2024 | Added: 09/17/2024 | Modified: 01/28/2025
Description: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
Solution(s): rocky-upgrade-pcs, rocky-upgrade-pcs-snmp, rocky-upgrade-ruby, rocky-upgrade-ruby-bundled-gems, rocky-upgrade-ruby-bundled-gems-debuginfo, rocky-upgrade-ruby-debuginfo, rocky-upgrade-ruby-debugsource, rocky-upgrade-ruby-devel, rocky-upgrade-ruby-libs, rocky-upgrade-ruby-libs-debuginfo, rocky-upgrade-rubygem-bigdecimal, rocky-upgrade-rubygem-bigdecimal-debuginfo, rocky-upgrade-rubygem-io-console, rocky-upgrade-rubygem-io-console-debuginfo, rocky-upgrade-rubygem-json, rocky-upgrade-rubygem-json-debuginfo, rocky-upgrade-rubygem-mysql2, rocky-upgrade-rubygem-mysql2-debuginfo, rocky-upgrade-rubygem-mysql2-debugsource, rocky-upgrade-rubygem-pg, rocky-upgrade-rubygem-pg-debuginfo, rocky-upgrade-rubygem-pg-debugsource, rocky-upgrade-rubygem-psych, rocky-upgrade-rubygem-psych-debuginfo, rocky-upgrade-rubygem-racc, rocky-upgrade-rubygem-racc-debuginfo, rocky-upgrade-rubygem-rbs, rocky-upgrade-rubygem-rbs-debuginfo
References: https://attackerkb.com/topics/cve-2024-41946, CVE-2024-41946, https://errata.rockylinux.org/RLSA-2024:6670, https://errata.rockylinux.org/RLSA-2024:6784, https://errata.rockylinux.org/RLSA-2024:6785
-
Debian: CVE-2024-41946: ruby2.7, ruby3.1 -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/01/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 01/28/2025
Description: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.
Solution(s): debian-upgrade-ruby2-7, debian-upgrade-ruby3-1
References: https://attackerkb.com/topics/cve-2024-41946, CVE-2024-41946, DLA-4018-1
-
Huawei EulerOS: CVE-2024-41965: vim security update
Severity: 4
CVSS: (AV:L/AC:H/Au:S/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 11/06/2024 | Added: 11/05/2024 | Modified: 01/28/2025
Description: Vim is an open source command line text editor. Double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
Solution(s): huawei-euleros-2_0_sp12-upgrade-vim-common, huawei-euleros-2_0_sp12-upgrade-vim-enhanced, huawei-euleros-2_0_sp12-upgrade-vim-filesystem, huawei-euleros-2_0_sp12-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2024-41965, CVE-2024-41965, EulerOS-SA-2024-2805
-
Huawei EulerOS: CVE-2024-6923: python3 security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 12/13/2024 | Added: 12/12/2024 | Modified: 12/12/2024
Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Solution(s): huawei-euleros-2_0_sp12-upgrade-python3, huawei-euleros-2_0_sp12-upgrade-python3-fgo, huawei-euleros-2_0_sp12-upgrade-python3-unversioned-command
References: https://attackerkb.com/topics/cve-2024-6923, CVE-2024-6923, EulerOS-SA-2024-2957
-
Ubuntu: (Multiple Advisories) (CVE-2024-6923): Python vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 09/18/2024 | Added: 09/17/2024 | Modified: 01/23/2025
Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Solution(s): ubuntu-pro-upgrade-python2-7, ubuntu-pro-upgrade-python2-7-minimal, ubuntu-pro-upgrade-python3-10, ubuntu-pro-upgrade-python3-10-minimal, ubuntu-pro-upgrade-python3-12, ubuntu-pro-upgrade-python3-12-minimal, ubuntu-pro-upgrade-python3-8, ubuntu-pro-upgrade-python3-8-minimal
References: https://attackerkb.com/topics/cve-2024-6923, CVE-2024-6923, USN-7015-1, USN-7015-3, USN-7015-4, USN-7015-5, USN-7015-6
-
Amazon Linux AMI 2: Security patch for openssl11 (ALAS-2024-2605)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 08/14/2024 | Added: 08/14/2024 | Modified: 08/14/2024
Description:
Solution(s): amazon-linux-ami-2-upgrade-openssl11, amazon-linux-ami-2-upgrade-openssl11-debuginfo, amazon-linux-ami-2-upgrade-openssl11-devel, amazon-linux-ami-2-upgrade-openssl11-libs, amazon-linux-ami-2-upgrade-openssl11-static
References: AL2/ALAS-2024-2605
-
Huawei EulerOS: CVE-2024-41965: vim security update
Severity: 4
CVSS: (AV:L/AC:H/Au:S/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: Vim is an open source command line text editor. Double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.
Solution(s): huawei-euleros-2_0_sp10-upgrade-vim-common, huawei-euleros-2_0_sp10-upgrade-vim-enhanced, huawei-euleros-2_0_sp10-upgrade-vim-filesystem, huawei-euleros-2_0_sp10-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2024-41965, CVE-2024-41965, EulerOS-SA-2024-2918
-
IBM AIX: python_advisory13 (CVE-2024-6923): Vulnerability in python affects AIX
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 11/07/2024 | Added: 11/06/2024 | Modified: 11/06/2024
Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Solution(s): ibm-aix-python_advisory13
References: https://attackerkb.com/topics/cve-2024-6923, CVE-2024-6923, https://aix.software.ibm.com/aix/efixes/security/python_advisory13.asc
-
Rocky Linux: CVE-2024-6923: python3 (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 09/18/2024 | Added: 09/17/2024 | Modified: 11/18/2024
Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Solution(s): rocky-upgrade-platform-python, rocky-upgrade-platform-python-debug, rocky-upgrade-platform-python-devel, rocky-upgrade-python3-debuginfo, rocky-upgrade-python3-debugsource, rocky-upgrade-python3-idle, rocky-upgrade-python3-libs, rocky-upgrade-python3-test, rocky-upgrade-python3-tkinter, rocky-upgrade-python3.11, rocky-upgrade-python3.11-debug, rocky-upgrade-python3.11-debuginfo, rocky-upgrade-python3.11-debugsource, rocky-upgrade-python3.11-devel, rocky-upgrade-python3.11-idle, rocky-upgrade-python3.11-libs, rocky-upgrade-python3.11-test, rocky-upgrade-python3.11-tkinter, rocky-upgrade-python3.12, rocky-upgrade-python3.12-debug, rocky-upgrade-python3.12-debuginfo, rocky-upgrade-python3.12-debugsource, rocky-upgrade-python3.12-devel, rocky-upgrade-python3.12-idle, rocky-upgrade-python3.12-libs, rocky-upgrade-python3.12-test, rocky-upgrade-python3.12-tkinter
References: https://attackerkb.com/topics/cve-2024-6923, CVE-2024-6923, https://errata.rockylinux.org/RLSA-2024:6146, https://errata.rockylinux.org/RLSA-2024:6961, https://errata.rockylinux.org/RLSA-2024:6962, https://errata.rockylinux.org/RLSA-2024:6975
-
FreeBSD: VID-94D441D2-5497-11EF-9D2F-080027836E8B (CVE-2024-41990): Django -- multiple vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/01/2024 | Created: 08/08/2024 | Added: 08/07/2024 | Modified: 01/28/2025
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Solution(s): freebsd-upgrade-package-py310-django42, freebsd-upgrade-package-py310-django50, freebsd-upgrade-package-py311-django42, freebsd-upgrade-package-py311-django50, freebsd-upgrade-package-py39-django42
References: CVE-2024-41990
-
Huawei EulerOS: CVE-2024-41957: vim security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 10/09/2024
Description: Vim is an open source command line text editor. Vim < v9.1.0647 has a double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However, a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647.
Solution(s): huawei-euleros-2_0_sp11-upgrade-vim-common, huawei-euleros-2_0_sp11-upgrade-vim-enhanced, huawei-euleros-2_0_sp11-upgrade-vim-filesystem, huawei-euleros-2_0_sp11-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2024-41957, CVE-2024-41957, EulerOS-SA-2024-2596
-
Oracle MySQL Vulnerability: CVE-2024-7264
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/31/2024 | Created: 10/24/2024 | Added: 10/23/2024 | Modified: 01/30/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): mysql-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7264, CVE-2024-7264
-
Huawei EulerOS: CVE-2024-7264: curl security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/31/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/30/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): huawei-euleros-2_0_sp11-upgrade-curl, huawei-euleros-2_0_sp11-upgrade-libcurl
References: https://attackerkb.com/topics/cve-2024-7264, CVE-2024-7264, EulerOS-SA-2024-2575
-
Alma Linux: CVE-2024-6923: Moderate: python3.12 security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/01/2024 | Created: 08/31/2024 | Added: 08/30/2024 | Modified: 02/13/2025
Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized.
Solution(s): alma-upgrade-platform-python, alma-upgrade-platform-python-debug, alma-upgrade-platform-python-devel, alma-upgrade-python-unversioned-command, alma-upgrade-python3, alma-upgrade-python3-debug, alma-upgrade-python3-devel, alma-upgrade-python3-idle, alma-upgrade-python3-libs, alma-upgrade-python3-test, alma-upgrade-python3-tkinter, alma-upgrade-python3.11, alma-upgrade-python3.11-debug, alma-upgrade-python3.11-devel, alma-upgrade-python3.11-idle, alma-upgrade-python3.11-libs, alma-upgrade-python3.11-rpm-macros, alma-upgrade-python3.11-test, alma-upgrade-python3.11-tkinter, alma-upgrade-python3.12, alma-upgrade-python3.12-debug, alma-upgrade-python3.12-devel, alma-upgrade-python3.12-idle, alma-upgrade-python3.12-libs, alma-upgrade-python3.12-rpm-macros, alma-upgrade-python3.12-test, alma-upgrade-python3.12-tkinter, alma-upgrade-python39, alma-upgrade-python39-attrs, alma-upgrade-python39-cffi, alma-upgrade-python39-chardet, alma-upgrade-python39-cryptography, alma-upgrade-python39-cython, alma-upgrade-python39-debug, alma-upgrade-python39-devel, alma-upgrade-python39-idle, alma-upgrade-python39-idna, alma-upgrade-python39-iniconfig, alma-upgrade-python39-libs, alma-upgrade-python39-lxml, alma-upgrade-python39-mod_wsgi, alma-upgrade-python39-more-itertools, alma-upgrade-python39-numpy, alma-upgrade-python39-numpy-doc, alma-upgrade-python39-numpy-f2py, alma-upgrade-python39-packaging, alma-upgrade-python39-pip, alma-upgrade-python39-pip-wheel, alma-upgrade-python39-pluggy, alma-upgrade-python39-ply, alma-upgrade-python39-psutil, alma-upgrade-python39-psycopg2, alma-upgrade-python39-psycopg2-doc, alma-upgrade-python39-psycopg2-tests, alma-upgrade-python39-py, alma-upgrade-python39-pybind11, alma-upgrade-python39-pybind11-devel, alma-upgrade-python39-pycparser, alma-upgrade-python39-pymysql, alma-upgrade-python39-pyparsing, alma-upgrade-python39-pysocks, alma-upgrade-python39-pytest, alma-upgrade-python39-pyyaml, alma-upgrade-python39-requests, alma-upgrade-python39-rpm-macros, alma-upgrade-python39-scipy, alma-upgrade-python39-setuptools, alma-upgrade-python39-setuptools-wheel, alma-upgrade-python39-six, alma-upgrade-python39-test, alma-upgrade-python39-tkinter, alma-upgrade-python39-toml, alma-upgrade-python39-urllib3, alma-upgrade-python39-wcwidth, alma-upgrade-python39-wheel, alma-upgrade-python39-wheel-wheel
References: https://attackerkb.com/topics/cve-2024-6923, CVE-2024-6923, https://errata.almalinux.org/8/ALSA-2024-5962.html, https://errata.almalinux.org/8/ALSA-2024-6961.html, https://errata.almalinux.org/8/ALSA-2024-6962.html, https://errata.almalinux.org/8/ALSA-2024-6975.html, https://errata.almalinux.org/9/ALSA-2024-6146.html, https://errata.almalinux.org/9/ALSA-2024-6163.html, https://errata.almalinux.org/9/ALSA-2024-6179.html
-
F5 Networks: CVE-2024-4741: K000140257: OpenSSL vulnerability CVE-2024-4741
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/31/2024 | Created: 08/02/2024 | Added: 07/31/2024 | Modified: 11/15/2024
Description: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation, a malicious attacker could attempt to engineer a situation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Solution(s): f5-big-ip-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-4741, CVE-2024-4741, https://my.f5.com/manage/s/article/K000140257
-
Google Chrome Vulnerability: CVE-2024-7256 Insufficient data validation in Dawn
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/31/2024 | Created: 07/31/2024 | Added: 07/31/2024 | Modified: 01/28/2025
Description: Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7256, CVE-2024-7256
-
Amazon Linux AMI 2: CVE-2024-7264: Security patch for ecs-service-connect-agent (ALASECS-2024-045)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/31/2024 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 01/30/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): amazon-linux-ami-2-upgrade-ecs-service-connect-agent
References: https://attackerkb.com/topics/cve-2024-7264, AL2/ALASECS-2024-045, CVE-2024-7264
-
Calibre Python Code Injection (CVE-2024-6782)
Disclosed: 07/31/2024 | Created: 08/08/2024
Description: This module exploits a Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.
Author(s): Amos Ng, Michael Heinzl
Platform: Linux, Unix, Windows
Architectures: cmd
-
Ubuntu: USN-6937-1 (CVE-2024-4741): OpenSSL vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/31/2024 | Created: 08/02/2024 | Added: 08/01/2024 | Modified: 11/15/2024
Description: Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation, a malicious attacker could attempt to engineer a situation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Solution(s): ubuntu-upgrade-libssl1-1, ubuntu-upgrade-libssl3, ubuntu-upgrade-libssl3t64
References: https://attackerkb.com/topics/cve-2024-4741, CVE-2024-4741, USN-6937-1
-
Google Chrome Vulnerability: CVE-2024-6990 Uninitialized Use in Dawn
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/31/2024 | Created: 07/31/2024 | Added: 07/31/2024 | Modified: 01/28/2025
Description: Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-6990, CVE-2024-6990, https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
-
VMware Photon OS: CVE-2024-7264
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: 07/31/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-7264, CVE-2024-7264
-
Huawei EulerOS: CVE-2024-7264: curl security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/31/2024 | Created: 11/06/2024 | Added: 11/05/2024 | Modified: 01/30/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): huawei-euleros-2_0_sp12-upgrade-curl, huawei-euleros-2_0_sp12-upgrade-libcurl
References: https://attackerkb.com/topics/cve-2024-7264, CVE-2024-7264, EulerOS-SA-2024-2795
-
SUSE: CVE-2024-7264: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 07/31/2024 | Created: 08/08/2024 | Added: 08/07/2024 | Modified: 01/30/2025
Description: libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.
Solution(s): suse-upgrade-curl, suse-upgrade-libcurl-devel, suse-upgrade-libcurl-devel-32bit, suse-upgrade-libcurl4, suse-upgrade-libcurl4-32bit
References: https://attackerkb.com/topics/cve-2024-7264, CVE-2024-7264