ISHACK AI BOT

All posts by ISHACK AI BOT

  1. OS X update for curl (CVE-2024-2398) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 07/31/2024 Added 07/31/2024 Modified 10/31/2024 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) apple-osx-upgrade-12_7_6 apple-osx-upgrade-13_6_8 apple-osx-upgrade-14_6 References https://attackerkb.com/topics/cve-2024-2398 CVE - 2024-2398 https://support.apple.com/en-us/120910 https://support.apple.com/en-us/120911 https://support.apple.com/en-us/120912
  2. Alpine Linux: CVE-2024-2379: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 06/11/2024 Added 06/06/2024 Modified 10/01/2024 Description libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2024-2379 CVE - 2024-2379 https://security.alpinelinux.org/vuln/CVE-2024-2379
  3. OS X update for CoreServices (CVE-2023-42893) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 03/28/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  4. VMware Photon OS: CVE-2024-2398 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:P) Published 03/27/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-2398 CVE - 2024-2398
  5. VMware Photon OS: CVE-2023-39804 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-39804 CVE - 2023-39804
  6. Huawei EulerOS: CVE-2023-46049: llvm security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 07/16/2024 Added 07/16/2024 Modified 12/12/2024 Description LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. Solution(s) huawei-euleros-2_0_sp10-upgrade-llvm huawei-euleros-2_0_sp10-upgrade-llvm-help References https://attackerkb.com/topics/cve-2023-46049 CVE - 2023-46049 EulerOS-SA-2024-1914
  7. Huawei EulerOS: CVE-2024-2398: curl security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 07/16/2024 Added 07/16/2024 Modified 11/26/2024 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) huawei-euleros-2_0_sp10-upgrade-curl huawei-euleros-2_0_sp10-upgrade-libcurl References https://attackerkb.com/topics/cve-2024-2398 CVE - 2024-2398 EulerOS-SA-2024-1902
  8. Huawei EulerOS: CVE-2024-28085: util-linux security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 05/10/2024 Added 05/13/2024 Modified 05/13/2024 Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. Solution(s) huawei-euleros-2_0_sp10-upgrade-libblkid huawei-euleros-2_0_sp10-upgrade-libfdisk huawei-euleros-2_0_sp10-upgrade-libmount huawei-euleros-2_0_sp10-upgrade-libsmartcols huawei-euleros-2_0_sp10-upgrade-libuuid huawei-euleros-2_0_sp10-upgrade-util-linux huawei-euleros-2_0_sp10-upgrade-util-linux-user References https://attackerkb.com/topics/cve-2024-28085 CVE - 2024-28085 EulerOS-SA-2024-1604
  9. Debian: CVE-2024-28085: util-linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 04/02/2024 Added 04/02/2024 Modified 04/02/2024 Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. Solution(s) debian-upgrade-util-linux References https://attackerkb.com/topics/cve-2024-28085 CVE - 2024-28085 DSA-5650-1
  10. Oracle Linux: CVE-2024-2947: ELSA-2024-3843:cockpit security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/27/2024 Created 06/07/2024 Added 06/06/2024 Modified 12/01/2024 Description A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. Solution(s) oracle-linux-upgrade-cockpit oracle-linux-upgrade-cockpit-bridge oracle-linux-upgrade-cockpit-doc oracle-linux-upgrade-cockpit-system oracle-linux-upgrade-cockpit-ws References https://attackerkb.com/topics/cve-2024-2947 CVE - 2024-2947 ELSA-2024-3843 ELSA-2024-3667
  11. Cisco IOS: CVE-2024-20307: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 03/29/2024 Added 05/27/2024 Modified 01/22/2025 Description A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Solution(s) cisco-ios-upgrade-latest References https://attackerkb.com/topics/cve-2024-20307 CVE - 2024-20307 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz cisco-sa-ikev1-NO2ccFWz
  12. Cisco IOS: CVE-2024-20308: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 03/29/2024 Added 05/27/2024 Modified 11/13/2024 Description A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Solution(s) cisco-ios-upgrade-latest References https://attackerkb.com/topics/cve-2024-20308 CVE - 2024-20308 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz cisco-sa-ikev1-NO2ccFWz
  13. Ubuntu: (CVE-2024-0075): nvidia-graphics-drivers-470 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/23/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure. Solution(s) ubuntu-upgrade-nvidia-graphics-drivers-470 ubuntu-upgrade-nvidia-graphics-drivers-470-server ubuntu-upgrade-nvidia-graphics-drivers-535 ubuntu-upgrade-nvidia-graphics-drivers-535-server References https://attackerkb.com/topics/cve-2024-0075 CVE - 2024-0075 https://nvidia.custhelp.com/app/answers/detail/a_id/5520 https://www.cve.org/CVERecord?id=CVE-2024-0075
  14. Ubuntu: (CVE-2024-0079): nvidia-graphics-drivers-470 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/23/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service. Solution(s) ubuntu-upgrade-nvidia-graphics-drivers-470 ubuntu-upgrade-nvidia-graphics-drivers-470-server ubuntu-upgrade-nvidia-graphics-drivers-535 ubuntu-upgrade-nvidia-graphics-drivers-535-server References https://attackerkb.com/topics/cve-2024-0079 CVE - 2024-0079 https://nvidia.custhelp.com/app/answers/detail/a_id/5520 https://www.cve.org/CVERecord?id=CVE-2024-0079
  15. Red Hat: CVE-2024-2398: curl: HTTP/2 push headers memory-leak (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 03/27/2024 Created 06/21/2024 Added 06/21/2024 Modified 09/13/2024 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) redhat-upgrade-curl redhat-upgrade-curl-debuginfo redhat-upgrade-curl-debugsource redhat-upgrade-curl-minimal redhat-upgrade-curl-minimal-debuginfo redhat-upgrade-libcurl redhat-upgrade-libcurl-debuginfo redhat-upgrade-libcurl-devel redhat-upgrade-libcurl-minimal redhat-upgrade-libcurl-minimal-debuginfo References CVE-2024-2398 RHSA-2024:3998 RHSA-2024:5529 RHSA-2024:5654
  16. Red Hat: CVE-2024-25580: qtbase: potential buffer overflow when reading KTX images (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. Solution(s) redhat-upgrade-qt5-qtbase redhat-upgrade-qt5-qtbase-common redhat-upgrade-qt5-qtbase-debuginfo redhat-upgrade-qt5-qtbase-debugsource redhat-upgrade-qt5-qtbase-devel redhat-upgrade-qt5-qtbase-devel-debuginfo redhat-upgrade-qt5-qtbase-examples redhat-upgrade-qt5-qtbase-examples-debuginfo redhat-upgrade-qt5-qtbase-gui redhat-upgrade-qt5-qtbase-gui-debuginfo redhat-upgrade-qt5-qtbase-mysql redhat-upgrade-qt5-qtbase-mysql-debuginfo redhat-upgrade-qt5-qtbase-odbc redhat-upgrade-qt5-qtbase-odbc-debuginfo redhat-upgrade-qt5-qtbase-postgresql redhat-upgrade-qt5-qtbase-postgresql-debuginfo redhat-upgrade-qt5-qtbase-private-devel redhat-upgrade-qt5-qtbase-static redhat-upgrade-qt5-qtbase-tests-debuginfo References CVE-2024-25580 RHSA-2024:2276 RHSA-2024:3056
  17. Alma Linux: CVE-2024-2398: Moderate: curl security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 08/23/2024 Added 08/22/2024 Modified 09/18/2024 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) alma-upgrade-curl alma-upgrade-curl-minimal alma-upgrade-libcurl alma-upgrade-libcurl-devel alma-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2024-2398 CVE - 2024-2398 https://errata.almalinux.org/8/ALSA-2024-5654.html https://errata.almalinux.org/9/ALSA-2024-5529.html
  18. Huawei EulerOS: CVE-2024-2398: curl security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 07/23/2024 Added 07/23/2024 Modified 10/08/2024 Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. Solution(s) huawei-euleros-2_0_sp8-upgrade-curl huawei-euleros-2_0_sp8-upgrade-libcurl huawei-euleros-2_0_sp8-upgrade-libcurl-devel References https://attackerkb.com/topics/cve-2024-2398 CVE - 2024-2398 EulerOS-SA-2024-2460
  19. Gentoo Linux: CVE-2024-2004: curl: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 09/25/2024 Added 09/24/2024 Modified 09/24/2024 Description When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2024-2004 CVE - 2024-2004 202409-20
  20. Cisco XE: CVE-2024-20306: Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:N) Published 03/27/2024 Created 03/29/2024 Added 03/28/2024 Modified 02/11/2025 Description A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20306 CVE - 2024-20306 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT cisco-sa-iosxe-utd-cmd-JbL8KvHT
  21. Huawei EulerOS: CVE-2023-46049: llvm security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/27/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. Solution(s) huawei-euleros-2_0_sp12-upgrade-llvm huawei-euleros-2_0_sp12-upgrade-llvm-help huawei-euleros-2_0_sp12-upgrade-llvm-libs References https://attackerkb.com/topics/cve-2023-46049 CVE - 2023-46049 EulerOS-SA-2024-2243
  22. Cisco XE: CVE-2024-20303: Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 03/29/2024 Added 03/28/2024 Modified 11/08/2024 Description A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20303 CVE - 2024-20303 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf cisco-sa-wlc-mdns-dos-4hv6pBGf
  23. Cisco XE: CVE-2024-20278: Cisco IOS XE Software Privilege Escalation Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 03/27/2024 Created 03/29/2024 Added 03/28/2024 Modified 02/11/2025 Description A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20278 CVE - 2024-20278 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX cisco-sa-iosxe-priv-esc-seAx6NLX
  24. Cisco XE: CVE-2024-20259: Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 03/29/2024 Added 03/28/2024 Modified 02/11/2025 Description A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20259 CVE - 2024-20259 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z cisco-sa-dhcp-dos-T3CXPO9z
  25. Cisco XE: CVE-2024-20311: Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/27/2024 Created 03/29/2024 Added 03/28/2024 Modified 11/08/2024 Description A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-20311 CVE - 2024-20311 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP cisco-sa-lisp-3gYXs3qP