Project | docker-image|quay.io/argoproj/argocd-applicationset |
---|---|
Path | quay.io/argoproj/argocd-applicationset:v0.4.1/argoproj/argocd-applicationset |
Package Manager | deb |
Manifest | Dockerfile |
Loop with Unreachable Exit Condition ('Infinite Loop')
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.2 or higher.
References
- ADVISORY
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- DEBIAN
- MLIST
- MLIST
- CONFIRM
- FEDORA
- CONFIRM
- CONFIRM
- CONFIRM
- FEDORA
- FEDORA
- CONFIRM
- MISC
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- FULLDISC
- FULLDISC
- FULLDISC
- MISC
- CONFIRM
- N/A
Exposure of Resource to Wrong Sphere
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Improper Encoding or Escaping of Output
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
SQL Injection
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream cyrus-sasl2
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Remediation
Upgrade Ubuntu:21.10
cyrus-sasl2
to version 2.1.27+dfsg-2.1ubuntu0.1 or higher.
References
Out-of-bounds Write
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream zlib
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Remediation
Upgrade Ubuntu:21.10
zlib
to version 1:1.2.11.dfsg-2ubuntu7.1 or higher.
References
- ADVISORY
- MISC
- MISC
- MLIST
- MLIST
- MISC
- CONFIRM
- MISC
- MISC
- DEBIAN
- MLIST
- FEDORA
- FEDORA
- FEDORA
- MLIST
- CONFIRM
- CONFIRM
- CONFIRM
- FULLDISC
- FULLDISC
- FULLDISC
- CONFIRM
- FEDORA
- N/A
- CONFIRM
- FEDORA
- FEDORA
CVE-2022-1271
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream xz-utils
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Remediation
Upgrade Ubuntu:21.10
xz-utils
to version 5.2.5-2ubuntu0.1 or higher.
References
Files or Directories Accessible to External Parties
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream util-linux
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Remediation
Upgrade Ubuntu:21.10
util-linux
to version 2.36.1-8ubuntu2.2 or higher.
References
Files or Directories Accessible to External Parties
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream util-linux
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Remediation
Upgrade Ubuntu:21.10
util-linux
to version 2.36.1-8ubuntu2.2 or higher.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream sqlite3
package.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
Improper Verification of Cryptographic Signature
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream perl
package.
CPAN 2.28 allows Signature Verification Bypass.
Remediation
There is no fixed version for Ubuntu:21.10
perl
.
References
OS Command Injection
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.3 or higher.
References
OS Command Injection
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.5 or higher.
References
Inadequate Encryption Strength
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.6 or higher.
References
SQL Injection
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openldap
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Remediation
Upgrade Ubuntu:21.10
openldap
to version 2.5.6+dfsg-1~exp1ubuntu1.1 or higher.
References
NULL Pointer Dereference
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream krb5
package.
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Remediation
There is no fixed version for Ubuntu:21.10
krb5
.
References
CVE-2022-1271
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream gzip
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Remediation
Upgrade Ubuntu:21.10
gzip
to version 1.10-4ubuntu1.1 or higher.
References
Arbitrary Code Injection
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream gnupg2
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Remediation
Upgrade Ubuntu:21.10
gnupg2
to version 2.2.20-1ubuntu4.1 or higher.
References
Off-by-one Error
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream glibc
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Remediation
Upgrade Ubuntu:21.10
glibc
to version 2.34-0ubuntu3.2 or higher.
References
Unchecked Return Value
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream glibc
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Remediation
Upgrade Ubuntu:21.10
glibc
to version 2.34-0ubuntu3.2 or higher.
References
Uncontrolled Search Path Element
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream git
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git
, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set GIT_PS1_SHOWDIRTYSTATE
are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in C:\.git\config
. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder .git
on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend GIT_CEILING_DIRECTORIES
to cover the parent directory of the user profile, e.g. C:\Users
if the user profile is located in C:\Users\my-user-name
.
Remediation
Upgrade Ubuntu:21.10
git
to version 1:2.32.0-1ubuntu1.2 or higher.
References
Uncontrolled Search Path Element
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream git
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
Remediation
Upgrade Ubuntu:21.10
git
to version 1:2.32.0-1ubuntu1.3 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.3 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.3 or higher.
References
Resource Exhaustion
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.3 or higher.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream e2fsprogs
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Remediation
Upgrade Ubuntu:21.10
e2fsprogs
to version 1.46.3-1ubuntu3.1 or higher.
References
Directory Traversal
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream dpkg
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Remediation
Upgrade Ubuntu:21.10
dpkg
to version 1.20.9ubuntu2.2 or higher.
References
Improper Authentication
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.1 or higher.
References
Insufficiently Protected Credentials
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.1 or higher.
References
Improper Certificate Validation
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.2 or higher.
References
Out-of-bounds Write
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
Incorrect Default Permissions
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A malicious server can serve excessive amounts of Set-Cookie:
headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com
can set cookies that also would match for bar.example.com
, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
NULL Pointer Dereference
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream tar
package.
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Remediation
There is no fixed version for Ubuntu:21.10
tar
.
References
- Debian Security Tracker
- MISC
- MISC
- MISC
- MLIST
- MLIST
- OpenSuse Security Announcement
- Ubuntu CVE Tracker
CVE-2021-36690
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream sqlite3
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Remediation
Upgrade Ubuntu:21.10
sqlite3
to version 3.35.5-1ubuntu0.1 or higher.
References
CVE-2020-9991
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream sqlite3
package.
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
Information Exposure
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream sqlite3
package.
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
Time-of-check Time-of-use (TOCTOU)
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream shadow
package.
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Remediation
There is no fixed version for Ubuntu:21.10
shadow
.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream pcre3
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Remediation
Upgrade Ubuntu:21.10
pcre3
to version 2:8.39-13ubuntu0.21.10.1 or higher.
References
Uncontrolled Recursion
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream pcre3
package.
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Remediation
There is no fixed version for Ubuntu:21.10
pcre3
.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream pcre2
package.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Remediation
There is no fixed version for Ubuntu:21.10
pcre2
.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream pcre2
package.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Remediation
There is no fixed version for Ubuntu:21.10
pcre2
.
References
Double Free
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream patch
package.
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Remediation
There is no fixed version for Ubuntu:21.10
patch
.
References
- CVE Details
- Debian Security Tracker
- Gentoo Security Advisory
- MISC
- REDHAT
- Security Focus
- Ubuntu CVE Tracker
Release of Invalid Pointer or Reference
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream patch
package.
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
Remediation
There is no fixed version for Ubuntu:21.10
patch
.
References
CVE-2021-41617
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssh
package.
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
Remediation
There is no fixed version for Ubuntu:21.10
openssh
.
References
Information Exposure
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream openssh
package.
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Remediation
There is no fixed version for Ubuntu:21.10
openssh
.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream ncurses
package.
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Remediation
There is no fixed version for Ubuntu:21.10
ncurses
.
References
Out-of-bounds Read
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream libsepol
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Remediation
Upgrade Ubuntu:21.10
libsepol
to version 3.1-1ubuntu2.1 or higher.
References
Use After Free
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream libsepol
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
Remediation
Upgrade Ubuntu:21.10
libsepol
to version 3.1-1ubuntu2.1 or higher.
References
Use After Free
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream libsepol
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
Remediation
Upgrade Ubuntu:21.10
libsepol
to version 3.1-1ubuntu2.1 or higher.
References
Use After Free
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream libsepol
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
Remediation
Upgrade Ubuntu:21.10
libsepol
to version 3.1-1ubuntu2.1 or higher.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream krb5
package.
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Remediation
There is no fixed version for Ubuntu:21.10
krb5
.
References
Integer Overflow or Wraparound
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream gmp
package.
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Remediation
There is no fixed version for Ubuntu:21.10
gmp
.
References
Buffer Overflow
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream glibc
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Remediation
Upgrade Ubuntu:21.10
glibc
to version 2.34-0ubuntu3.2 or higher.
References
Buffer Overflow
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream glibc
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Remediation
Upgrade Ubuntu:21.10
glibc
to version 2.34-0ubuntu3.2 or higher.
References
Allocation of Resources Without Limits or Throttling
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream glibc
package.
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Remediation
There is no fixed version for Ubuntu:21.10
glibc
.
References
Improper Input Validation
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream git
package.
GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).
Remediation
There is no fixed version for Ubuntu:21.10
git
.
References
- Debian Security Tracker
- http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
- Ubuntu CVE Tracker
Incorrect Calculation
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream expat
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Remediation
Upgrade Ubuntu:21.10
expat
to version 2.4.1-2ubuntu0.1 or higher.
References
CVE-2022-27775
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.1 or higher.
References
Insufficiently Protected Credentials
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.1 or higher.
References
Loop with Unreachable Exit Condition ('Infinite Loop')
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream curl
package.
See How to fix?
for Ubuntu:21.10
relevant versions.
libcurl provides the CURLOPT_CERTINFO
option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.2 or higher.
References
Improper Input Validation
Detailed paths
NVD Description
Note: Versions mentioned in the description apply to the upstream coreutils
package.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Remediation
There is no fixed version for Ubuntu:21.10
coreutils
.