-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/main' into mangoiv/hsec-cabal
- Loading branch information
Showing
17 changed files
with
281 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../bzlib/HSEC-2024-0002.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../bzlib/HSEC-2024-0002.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
```toml | ||
[advisory] | ||
id = "HSEC-2024-0002" | ||
cwe = [787] | ||
keywords = ["corruption", "vendored-code", "language-c"] | ||
aliases = ["CVE-2019-12900"] | ||
|
||
[[references]] | ||
type = "DISCUSSION" | ||
url = "https://gnu.wildebeest.org/blog/mjw/2019/08/02/bzip2-and-the-cve-that-wasnt/" | ||
|
||
[[references]] | ||
type = "DISCUSSION" | ||
url = "http://scary.beasts.org/security/CESA-2008-005.html" | ||
|
||
[[references]] | ||
type = "ADVISORY" | ||
url = "https://access.redhat.com/security/cve/cve-2019-12900" | ||
|
||
[[references]] | ||
type = "FIX" | ||
url = "https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184" | ||
|
||
[[affected]] | ||
package = "bzlib" | ||
cvss = "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" | ||
|
||
[[affected.versions]] | ||
introduced = "0.4" | ||
fixed = "0.5.2.0" | ||
|
||
[[affected]] | ||
package = "bz2" | ||
cvss = "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" | ||
|
||
[[affected.versions]] | ||
introduced = "0.1.0.0" | ||
fixed = "1.0.1.1" | ||
|
||
[[affected]] | ||
package = "bzlib-conduit" | ||
cvss = "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" | ||
|
||
[[affected.versions]] | ||
introduced = "0.1.0.0" | ||
fixed = "0.3.0.3" | ||
``` | ||
|
||
# out-of-bounds write when there are many bzip2 selectors | ||
|
||
A malicious bzip2 payload may produce a memory corruption | ||
resulting in a denial of service and/or remote code execution. | ||
Network services or command line utilities decompressing | ||
untrusted bzip2 payloads are affected. | ||
|
||
Note that the exploitation of this bug relies on an undefined | ||
behavior that appears to be handled safely by current compilers. | ||
|
||
The Haskell libraires are vulnerable when they are built using | ||
the bundled C library source code, which is the default | ||
in most cases. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
```toml | ||
[advisory] | ||
id = "HSEC-2024-0001" | ||
cwe = [79] | ||
keywords = ["http", "xss", "rxss", "historic"] | ||
|
||
[[references]] | ||
type = "FIX" | ||
url = "https://github.com/snoyberg/keter/pull/246" | ||
|
||
[[affected]] | ||
package = "keter" | ||
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" | ||
declarations."Keter.Proxy.toResponse" = ">= 0.3.4 && < 1.0.1" | ||
declarations."Keter.Proxy.unknownHostResponse" = ">= 1.0.1 && < 1.8.4" | ||
|
||
[[affected.versions]] | ||
introduced = "0.3.4" | ||
fixed = "1.8.4" | ||
``` | ||
|
||
# Reflected XSS vulnerability in keter | ||
|
||
Keter is an app-server/reverse-proxy often used with webapps build on Yesod web-framework. | ||
|
||
In the logic handling VHost dispatch, Keter was echoing back `Host` header value, unescaped, | ||
as part of an HTML error page. This constitutes a reflected-XSS vulnerability. Although | ||
not readily exploitable directly from a browser (where `Host` header can't generally assume | ||
arbitrary values), it may become such in presence of further weaknesses in components | ||
upstream of Keter in the http proxying chain. Therefore, AC:High in CVSS evaluation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.