Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

CVE-2023-41359: bgpd: Make sure we have enough data to read two bytes when validating AIGP by ton31337 · Pull Request #14232 · FRRouting/frr

An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

CVE
Open in Source
#amazon#ubuntu#debian#git#c++#amd#rpm
CVE-2023-41361: bgpd: Check the length of the rcv software version by ton31337 · Pull Request #14241 · FRRouting/frr

An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.

CVE-2023-40857: heap-buffer-overflow libyara/exec.c:1426 in yr_execute_code · Issue #1945 · VirusTotal/yara

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.

CVE-2023-40781: heap-buffer-overflow in r_readc() at fromswf.c:264 · Issue #288 · libming/libming

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.

Debian Security Advisory 5483-1

Debian Linux Security Advisory 5483-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2023-38712: Tags · libreswan/libreswan

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

Ubuntu Security Notice USN-6307-1

Ubuntu Security Notice 6307-1 - It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service or might expose sensitive information.

CVE-2023-40022: [gnuv2] Fix multiplication overflow check due compiler optimizations … · rizinorg/rz-libdemangle@51d0167

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`.

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.