ISHACK AI BOT

Alpine Linux: CVE-2023-49284: Interpretation Conflict Severity 3 CVSS (AV:L/AC:M/Au:S/C:P/I:N/A:P) Published 12/04/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-fish References https://attackerkb.com/topics/cve-2023-49284 CVE - 2023-49284 https://security.alpinelinux.org/vuln/CVE-2023-49284

Alpine Linux: CVE-2023-49286: Improper Check for Unusual or Exceptional Conditions Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-squid References https://attackerkb.com/topics/cve-2023-49286 CVE - 2023-49286 https://security.alpinelinux.org/vuln/CVE-2023-49286

CentOS Linux: CVE-2023-49285: Important: squid security update (CESA-2024:1787) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/06/2024 Added 01/05/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) centos-upgrade-squid centos-upgrade-squid-debuginfo centos-upgrade-squid-migration-script centos-upgrade-squid-sysvinit References CVE-2023-49285

Red Hat JBossEAP: Improper Initialization (CVE-2023-4503) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:N) Published 12/04/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.. An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-4503 CVE - 2023-4503 https://access.redhat.com/security/cve/CVE-2023-4503 https://bugzilla.redhat.com/show_bug.cgi?id=2184751 https://access.redhat.com/errata/RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7641 https://access.redhat.com/errata/RHSA-2024:3580 https://access.redhat.com/errata/RHSA-2024:3581 https://access.redhat.com/errata/RHSA-2024:3583 View more

Red Hat JBossEAP: Uncontrolled Resource Consumption (CVE-2023-6481) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 09/20/2024 Added 09/19/2024 Modified 09/20/2024 Description A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.. A flaw was found in the logback package. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. This flaw allows anattacker to mount a denial-of-service attack by sending poisoned data. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-6481 CVE - 2023-6481 https://access.redhat.com/security/cve/CVE-2023-6481 https://bugzilla.redhat.com/show_bug.cgi?id=2252956

CentOS Linux: CVE-2023-49286: Important: squid security update (CESA-2024:1787) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/06/2024 Added 01/05/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) centos-upgrade-squid centos-upgrade-squid-debuginfo centos-upgrade-squid-migration-script centos-upgrade-squid-sysvinit References CVE-2023-49286

Oracle Linux: CVE-2023-49285: ELSA-2024-0046:squid:4 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/06/2024 Added 01/04/2024 Modified 01/07/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service. Solution(s) oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid oracle-linux-upgrade-squid-migration-script oracle-linux-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-49285 CVE - 2023-49285 ELSA-2024-0046 ELSA-2024-1787 ELSA-2024-0071

VMware Photon OS: CVE-2023-49285 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-49285 CVE - 2023-49285

VMware Photon OS: CVE-2023-49286 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-49286 CVE - 2023-49286

Amazon Linux AMI: CVE-2023-49285: Security patch for squid (ALAS-2024-1901) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/11/2024 Added 01/09/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-upgrade-squid References ALAS-2024-1901 CVE-2023-49285

Alpine Linux: CVE-2023-49288: Use After Free Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. Solution(s) alpine-linux-upgrade-squid References https://attackerkb.com/topics/cve-2023-49288 CVE - 2023-49288 https://security.alpinelinux.org/vuln/CVE-2023-49288

Amazon Linux AMI 2: CVE-2023-49285: Security patch for squid (ALAS-2024-2500) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-squid amazon-linux-ami-2-upgrade-squid-debuginfo amazon-linux-ami-2-upgrade-squid-migration-script amazon-linux-ami-2-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-49285 AL2/ALAS-2024-2500 CVE - 2023-49285

Alpine Linux: CVE-2023-49285: Out-of-bounds Read Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/14/2024 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-squid References https://attackerkb.com/topics/cve-2023-49285 CVE - 2023-49285 https://security.alpinelinux.org/vuln/CVE-2023-49285

Amazon Linux AMI 2: CVE-2022-24807: Security patch for net-snmp (ALAS-2023-2366) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 12/05/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/28/2025 Description net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. Solution(s) amazon-linux-ami-2-upgrade-net-snmp amazon-linux-ami-2-upgrade-net-snmp-agent-libs amazon-linux-ami-2-upgrade-net-snmp-debuginfo amazon-linux-ami-2-upgrade-net-snmp-devel amazon-linux-ami-2-upgrade-net-snmp-gui amazon-linux-ami-2-upgrade-net-snmp-libs amazon-linux-ami-2-upgrade-net-snmp-perl amazon-linux-ami-2-upgrade-net-snmp-python amazon-linux-ami-2-upgrade-net-snmp-sysvinit amazon-linux-ami-2-upgrade-net-snmp-utils References https://attackerkb.com/topics/cve-2022-24807 AL2/ALAS-2023-2366 CVE - 2022-24807

Amazon Linux AMI 2: CVE-2022-24810: Security patch for net-snmp (ALAS-2023-2366) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/05/2023 Created 12/06/2023 Added 12/05/2023 Modified 02/12/2025 Description net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. Solution(s) amazon-linux-ami-2-upgrade-net-snmp amazon-linux-ami-2-upgrade-net-snmp-agent-libs amazon-linux-ami-2-upgrade-net-snmp-debuginfo amazon-linux-ami-2-upgrade-net-snmp-devel amazon-linux-ami-2-upgrade-net-snmp-gui amazon-linux-ami-2-upgrade-net-snmp-libs amazon-linux-ami-2-upgrade-net-snmp-perl amazon-linux-ami-2-upgrade-net-snmp-python amazon-linux-ami-2-upgrade-net-snmp-sysvinit amazon-linux-ami-2-upgrade-net-snmp-utils References https://attackerkb.com/topics/cve-2022-24810 AL2/ALAS-2023-2366 CVE - 2022-24810

Amazon Linux AMI 2: CVE-2023-49286: Security patch for squid (ALAS-2024-2381) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-squid amazon-linux-ami-2-upgrade-squid-debuginfo amazon-linux-ami-2-upgrade-squid-migration-script amazon-linux-ami-2-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-49286 AL2/ALAS-2024-2381 CVE - 2023-49286

Ubuntu: (Multiple Advisories) (CVE-2023-49288): Squid vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 04/11/2024 Added 04/11/2024 Modified 01/30/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. Solution(s) ubuntu-upgrade-squid References https://attackerkb.com/topics/cve-2023-49288 CVE - 2023-49288 USN-6728-1 USN-6728-2 USN-6728-3

Ubuntu: (Multiple Advisories) (CVE-2023-49285): Squid vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/25/2024 Added 01/24/2024 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-squid ubuntu-pro-upgrade-squid3 References https://attackerkb.com/topics/cve-2023-49285 CVE - 2023-49285 USN-6594-1 USN-6857-1

Oracle WebLogic: CVE-2023-49093 : Critical Patch Update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/04/2023 Created 02/03/2024 Added 02/02/2024 Modified 01/28/2025 Description HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0 Solution(s) oracle-weblogic-jan-2024-cpu-12_2_1_4_0 oracle-weblogic-jan-2024-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2023-49093 CVE - 2023-49093 http://www.oracle.com/security-alerts/cpujan2024.html https://support.oracle.com/rs?type=doc&id=2991923.2

Amazon Linux 2023: CVE-2023-6606: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 12/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-72-96-166 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-6606 CVE - 2023-6606 https://alas.aws.amazon.com/AL2023/ALAS-2024-488.html

Oracle Linux: CVE-2023-49286: ELSA-2024-0046:squid:4 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 01/06/2024 Added 01/04/2024 Modified 01/07/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service. Solution(s) oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid oracle-linux-upgrade-squid-migration-script oracle-linux-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-49286 CVE - 2023-49286 ELSA-2024-0046 ELSA-2024-1787 ELSA-2024-0071

Amazon Linux 2023: CVE-2023-49286: Medium priority package update for squid Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service. Solution(s) amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource References https://attackerkb.com/topics/cve-2023-49286 CVE - 2023-49286 https://alas.aws.amazon.com/AL2023/ALAS-2023-445.html

FreeBSD: VID-4405E9AD-97FE-11EE-86BB-A8A1599412C6 (CVE-2023-6510): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/05/2023 Created 12/13/2023 Added 12/11/2023 Modified 01/28/2025 Description Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-6510

FreeBSD: VID-4405E9AD-97FE-11EE-86BB-A8A1599412C6 (CVE-2023-6509): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/05/2023 Created 12/13/2023 Added 12/11/2023 Modified 01/28/2025 Description Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-6509

Amazon Linux AMI 2: CVE-2023-6175: Security patch for wireshark (ALAS-2023-2348) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/05/2023 Created 12/06/2023 Added 12/05/2023 Modified 03/28/2024 Description NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file Solution(s) amazon-linux-ami-2-upgrade-wireshark amazon-linux-ami-2-upgrade-wireshark-cli amazon-linux-ami-2-upgrade-wireshark-debuginfo amazon-linux-ami-2-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-6175 AL2/ALAS-2023-2348 CVE - 2023-6175