Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Out-of-bounds Read #1775

Open
armorcodegithubpreprod bot opened this issue Mar 14, 2024 · 2 comments

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2:3.26.2-1.1+deb9u2
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream nss package.
See How to fix? for Debian:9 relevant versions.

When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.0.27-3+deb9u1
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libsndfile package.
See How to fix? for Debian:9 relevant versions.

An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <3.16.2-5+deb9u2
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream sqlite3 package.
See How to fix? for Debian:9 relevant versions.

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.3.5-4+deb9u3
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libvorbis package.
See How to fix? for Debian:9 relevant versions.

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.0.27-3+deb9u1
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libsndfile package.
See How to fix? for Debian:9 relevant versions.

An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): *
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream giflib package.

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.7.0-1+deb9u2
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libssh2 package.
See How to fix? for Debian:9 relevant versions.

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2.50.3-2+deb9u1
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream glib2.0 package.
See How to fix? for Debian:9 relevant versions.

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <5.24.1-3+deb9u3
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream perl package.
See How to fix? for Debian:9 relevant versions.

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.0.2u-1~deb9u6
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream openssl1.0 package.
See How to fix? for Debian:9 relevant versions.

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.0.27-3+deb9u1
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libsndfile package.
See How to fix? for Debian:9 relevant versions.

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1:1.5.1-2+deb9u1
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libjpeg-turbo package.
See How to fix? for Debian:9 relevant versions.

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2.2.0-2+deb9u3
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream expat package.
See How to fix? for Debian:9 relevant versions.

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.1.0l-1~deb9u4
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream openssl package.
See How to fix? for Debian:9 relevant versions.

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <2.4.44+dfsg-5+deb9u7
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream openldap package.
See How to fix? for Debian:9 relevant versions.

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <1.3.5-4+deb9u3
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream libvorbis package.
See How to fix? for Debian:9 relevant versions.

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <7.52.1-5+deb9u9
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream curl package.
See How to fix? for Debian:9 relevant versions.

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <7.52.1-5+deb9u9
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream curl package.
See How to fix? for Debian:9 relevant versions.

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): <4.0.8-2+deb9u2
  • Vulnerable Path: null

NVD Description

Note:
Versions mentioned in the description apply to the upstream tiff package.
See How to fix? for Debian:9 relevant versions.

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

References

Origin : null
Type : null
Image Id : null

Snyk Project Status: Active



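The "Vulnerable Version(s)" thresholds above are Debian package versions with epochs (2:, 1:), ~deb9uN and +deb9uN revisions and numeric suffixes such as deb9u16, all of which a plain string comparison orders wrongly. The following is an added example, not part of the scan output or of the ArmorCode/Snyk tooling: it implements the dpkg version ordering in Python and applies the thresholds listed in this issue to a set of installed versions. The THRESHOLDS keys are the source package names from each "Note:" line, and the INSTALLED versions are constructed for the demonstration, not taken from the scanned image.

```python
def _weight(c: str) -> int:
    """Sort weight of one character inside a non-digit run (dpkg's order())."""
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1            # '~' sorts before end of string: 1.0~rc1 < 1.0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256      # '.', '+', '-' and other punctuation sort after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments like dpkg's verrevcmp(); <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Step 1: leading non-digit run, character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _weight(a[i] if i < len(a) else "")
            bc = _weight(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Step 2: leading digit run, compared numerically (leading zeros dropped).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1         # a's number has more digits, so it is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_debian_version(version: str) -> tuple:
    """Split '[epoch:]upstream[-revision]'; a missing revision compares like '0'."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = parse_debian_version(a)
    eb, ub, rb = parse_debian_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


def is_vulnerable(installed: str, spec: str) -> bool:
    """Evaluate a 'Vulnerable Version(s)' spec as written above: '<X' or '*'."""
    spec = spec.strip()
    if spec == "*":
        return True          # giflib above: no fixed Debian 9 version, every version flagged
    if spec.startswith("<"):
        return compare_versions(installed, spec[1:]) < 0
    raise ValueError(f"unsupported version spec: {spec!r}")


# Thresholds copied from the findings above, keyed by the source package named in
# each "Note:" line (libsndfile and curl appear several times with one threshold).
THRESHOLDS = {
    "nss": "<2:3.26.2-1.1+deb9u2", "libsndfile": "<1.0.27-3+deb9u1",
    "sqlite3": "<3.16.2-5+deb9u2", "libvorbis": "<1.3.5-4+deb9u3", "giflib": "*",
    "libssh2": "<1.7.0-1+deb9u2", "glib2.0": "<2.50.3-2+deb9u1", "perl": "<5.24.1-3+deb9u3",
    "openssl1.0": "<1.0.2u-1~deb9u6", "libjpeg-turbo": "<1:1.5.1-2+deb9u1",
    "expat": "<2.2.0-2+deb9u3", "openssl": "<1.1.0l-1~deb9u4",
    "openldap": "<2.4.44+dfsg-5+deb9u7", "curl": "<7.52.1-5+deb9u9", "tiff": "<4.0.8-2+deb9u2",
}

# Constructed installed versions (made up for this example, not from the scan).
INSTALLED = {
    "nss": "2:3.26.2-1.1+deb9u1",      # one security upload behind the fix
    "libsndfile": "1.0.27-3+deb9u1",   # exactly the fix version
    "openssl1.0": "1.0.2u-1~deb9u5",   # '~' revision; plain string comparison misorders these
    "openssl": "1.1.0l-1~deb9u4",
    "libjpeg-turbo": "1:1.5.1-2",      # epoch present, but before the security revision
    "curl": "7.52.1-5+deb9u16",        # deb9u16 > deb9u9 numerically, though "1" < "9" as text
    "giflib": "5.1.4-0.4",
}


def triage(installed: dict, thresholds: dict) -> dict:
    """Map each installed package to True while its version is still vulnerable."""
    return {pkg: is_vulnerable(ver, thresholds[pkg])
            for pkg, ver in installed.items() if pkg in thresholds}
```

Calling triage(INSTALLED, THRESHOLDS) flags nss, openssl1.0, libjpeg-turbo and giflib and clears libsndfile, openssl and curl. Inside the image the same verdict comes from dpkg itself, e.g. `dpkg --compare-versions 1.0.2u-1~deb9u5 lt 1.0.2u-1~deb9u6`; the Python version is for triage outside the container, where dpkg is not available, or for batch-checking an SBOM against a finding list like this one.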

Finding [47832959|https://preprod.armorcode.ai/#/findings/257/1167/47832959], [47832958|https://preprod.armorcode.ai/#/findings/257/1167/47832958], [47832938|https://preprod.armorcode.ai/#/findings/257/1167/47832938], [47833149|https://preprod.armorcode.ai/#/findings/257/1167/47833149], [47833086|https://preprod.armorcode.ai/#/findings/257/1167/47833086], [47833053|https://preprod.armorcode.ai/#/findings/257/1167/47833053], [47833162|https://preprod.armorcode.ai/#/findings/257/1167/47833162], [47833077|https://preprod.armorcode.ai/#/findings/257/1167/47833077], [47833154|https://preprod.armorcode.ai/#/findings/257/1167/47833154], [47833156|https://preprod.armorcode.ai/#/findings/257/1167/47833156], [47833178|https://preprod.armorcode.ai/#/findings/257/1167/47833178], [47833101|https://preprod.armorcode.ai/#/findings/257/1167/47833101], [47833145|https://preprod.armorcode.ai/#/findings/257/1167/47833145], [47833188|https://preprod.armorcode.ai/#/findings/257/1167/47833188], [47833125|https://preprod.armorcode.ai/#/findings/257/1167/47833125], [47833157|https://preprod.armorcode.ai/#/findings/257/1167/47833157], [47833146|https://preprod.armorcode.ai/#/findings/257/1167/47833146], [47833090|https://preprod.armorcode.ai/#/findings/257/1167/47833090], [47833183|https://preprod.armorcode.ai/#/findings/257/1167/47833183] are Mitigated
by SYSTEM via ArmorCode Platform


Finding [47833125|https://preprod.armorcode.ai/#/findings/257/1167/47833125] , [47833157|https://preprod.armorcode.ai/#/findings/257/1167/47833157] , [47833077|https://preprod.armorcode.ai/#/findings/257/1167/47833077] , [47833146|https://preprod.armorcode.ai/#/findings/257/1167/47833146] , [47833156|https://preprod.armorcode.ai/#/findings/257/1167/47833156] , [47833183|https://preprod.armorcode.ai/#/findings/257/1167/47833183] , [47833149|https://preprod.armorcode.ai/#/findings/257/1167/47833149] , [47833178|https://preprod.armorcode.ai/#/findings/257/1167/47833178] , [47833086|https://preprod.armorcode.ai/#/findings/257/1167/47833086] , [47833090|https://preprod.armorcode.ai/#/findings/257/1167/47833090] , [47833154|https://preprod.armorcode.ai/#/findings/257/1167/47833154] , [47833162|https://preprod.armorcode.ai/#/findings/257/1167/47833162] , [47833188|https://preprod.armorcode.ai/#/findings/257/1167/47833188] , [47832938|https://preprod.armorcode.ai/#/findings/257/1167/47832938] , [47833101|https://preprod.armorcode.ai/#/findings/257/1167/47833101] , [47833145|https://preprod.armorcode.ai/#/findings/257/1167/47833145] , [47832958|https://preprod.armorcode.ai/#/findings/257/1167/47832958] , [47832959|https://preprod.armorcode.ai/#/findings/257/1167/47832959] , [47833053|https://preprod.armorcode.ai/#/findings/257/1167/47833053] status changed to Confirmed
Note:
by SYSTEM via ArmorCode Platform
