#dos

### Impact NVFLARE contains a vulnerability where deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. All versions before 2.1.4 are affected. CVSS Score = 9.8 [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ### Patches The patch is included in nvflare==2.1.4 This new version uses MessagePack instead of Pickle to do serialization and deserialization. Some object serializations supported by Pickle are not supported by MessagePack. We have provided out of box support for some built-in NVFLARE objects. For object serializations unsupported by MessagePack, the user will need to convert the objects to numpy or bytes before sending over to remote machines. The list of supported object types are listed in https://github.com/NVIDIA/NV...

### Impact Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. ### Patches Patched in all versions above `0.2.5` ### Workarounds No known work arounds. ### References - OWASP: [Regular expression Denial of Service - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS) - Wikipedia: [ReDoS](https://en.wikipedia.org/wiki/ReDoS). - Wikipedia: [Time complexity](https://en.wikipedia.org/wiki/Time_complexity). - James Kirrage, Asiri Rathnayake, Hayo Thielecke: [Static Analysis for Regular Expression Denial-of-Service Attack](http://www.cs.bham.ac.uk/~hxt/research/reg-exp-sec.pdf). - Common Weakness Enumeration: [CWE-1333](https://cwe.mitre.org/data/definitions/1333.html). - Common Weakness Enumeration: [CWE-400](https://cwe.mitre.org/data/definitions/400.html).

### Impact The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.3/rooms/v10/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. ### Patches Administrators of homeservers with federation enabled are advised to upgrade to v1.62.0 or higher. ### Workarounds * Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`). ### References * https://github.com/matrix-org/synapse/pull/13087 * https://github.com/matrix-org/synapse/pull/13088 ### For more information If you have...

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.

Ubuntu Security Notice 5590-1 - Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service.