Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4.

We found a heap-buffer-overflow in podofo 0.10.0(main/PdfEncrypt.cpp:1132:5 in PoDoFo::PdfEncryptRC4::PdfEncryptRC4).

**Command Input**

podofopdfinfo poc_file 

poc\_file is attached.

**Sanitizer Dump**

    ==3975233==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000122f at pc 0x0000004ab677 bp 0x7ffc5060df20 sp 0x7ffc5060d6e8
    READ of size 32 at 0x60300000122f thread T0
        #0 0x4ab676 in __asan_memcpy /root/test/fuzzing_python/llvm-project-llvmorg-12.0.0/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
        #1 0x64570f in PoDoFo::PdfEncryptRC4::PdfEncryptRC4(PoDoFo::PdfString, PoDoFo::PdfString, PoDoFo::PdfPermissions, int, PoDoFo::PdfEncryptAlgorithm, int, bool) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfEncrypt.cpp:1132:5
        #2 0x638356 in PoDoFo::PdfEncrypt::CreateFromObject(PoDoFo::PdfObject const&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfEncrypt.cpp:556:43
        #3 0x79b3a8 in PoDoFo::PdfParser::ReadObjects(PoDoFo::InputStreamDevice&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfParser.cpp:631:29
        #4 0x798f13 in PoDoFo::PdfParser::Parse(PoDoFo::InputStreamDevice&, bool) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfParser.cpp:83:9
        #5 0x71c42e in PoDoFo::PdfMemDocument::loadFromDevice(std::shared_ptr<PoDoFo::InputStreamDevice> const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:148:12
        #6 0x71dcdd in PoDoFo::PdfMemDocument::LoadFromDevice(std::shared_ptr<PoDoFo::InputStreamDevice> const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:137:5
        #7 0x71d8eb in PoDoFo::PdfMemDocument::Load(std::basic_string_view<char, std::char_traits<char> > const&, std::basic_string_view<char, std::char_traits<char> > const&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfMemDocument.cpp:119:5
        #8 0x4e1be9 in PdfInfoHelper::PdfInfoHelper(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /root/target/Invariants/podofo-0.10.0/tools/podofopdfinfo/pdfinfo.cpp:16:12
        #9 0x4e06b7 in main /root/target/Invariants/podofo-0.10.0/tools/podofopdfinfo/podofopdfinfo.cpp:94:23
        #10 0x7f5ed7b54082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
        #11 0x43106d in _start (/root/target/Invariants/podofo-0.10.0/build_clang/target/podofopdfinfo+0x43106d)
    
    0x60300000122f is located 0 bytes to the right of 31-byte region [0x603000001210,0x60300000122f)
    allocated by thread T0 here:
        #0 0x4dd3dd in operator new(unsigned long) /root/test/fuzzing_python/llvm-project-llvmorg-12.0.0/compiler-rt/lib/asan/asan_new_delete.cpp:99:3
        #1 0x7f5ed800487f in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::reserve(unsigned long) (/lib/x86_64-linux-gnu/libstdc++.so.6+0x14387f)
        #2 0x87564a in PoDoFo::StandardStreamDevice::readChar(char&) /root/target/Invariants/podofo-0.10.0/src/podofo/auxiliary/StreamDevice.cpp:290:12
        #3 0x868d29 in PoDoFo::InputStream::Read(char&) /root/target/Invariants/podofo-0.10.0/src/podofo/auxiliary/InputStream.cpp:53:12
        #4 0x7e319a in readHexString(PoDoFo::InputStreamDevice&, PoDoFo::charbuff_t<void>&) /root/target/Invariants/podofo-0.10.0/src/podofo/main/PdfTokenizer.cpp:801:16
    LLVMSymbolizer: error reading file: No such file or directory
        #5 0x7ffc50612342  ([stack]+0x20342)
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /root/test/fuzzing_python/llvm-project-llvmorg-12.0.0/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3 in __asan_memcpy
    Shadow bytes around the buggy address:
      0x0c067fff81f0: 00 fa fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa
      0x0c067fff8200: fd fd fd fa fa fa 00 00 00 fa fa fa fd fd fd fa
      0x0c067fff8210: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa 00 00
      0x0c067fff8220: 00 fa fa fa fd fd fd fa fa fa 00 00 00 fa fa fa
      0x0c067fff8230: 00 00 00 fa fa fa 00 00 00 fa fa fa fd fd fd fa
    =>0x0c067fff8240: fa fa 00 00 00[07]fa fa 00 00 00 fa fa fa 00 00
      0x0c067fff8250: 00 00 fa fa fd fd fd fa fa fa fd fd fd fa fa fa
      0x0c067fff8260: 00 00 00 fa fa fa fd fd fd fd fa fa 00 00 00 00
      0x0c067fff8270: fa fa 00 00 00 fa fa fa fd fd fd fa fa fa 00 00
      0x0c067fff8280: 00 fa fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa
      0x0c067fff8290: fd fd fd fa fa fa fd fd fd fa fa fa fd fd fd fa
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07 
      Heap left redzone:       fa
      Freed heap region:       fd
      Stack left redzone:      f1
      Stack mid redzone:       f2
      Stack right redzone:     f3
      Stack after return:      f5
      Stack use after scope:   f8
      Global redzone:          f9
      Global init order:       f6
      Poisoned by user:        f7
      Container overflow:      fc
      Array cookie:            ac
      Intra object redzone:    bb
      ASan internal:           fe
      Left alloca redzone:     ca
      Right alloca redzone:    cb
      Shadow gap:              cc
    ==3975233==ABORTING
    

**Environment**

*   OS: Ubuntu 20.04.1
*   clang:12.0.0
*   podofo:0.10.0

we built podofo with AddressSanitizer (ASAN) .

cmake -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS="-O0 -fsanitize=address" -DCMAKE_CXX_FLAGS="-O0 -fsanitize=address"

poc\_file.zip

CVE-2023-31568: Heap-buffer-overflow in podofo 0.10.0(main/PdfEncrypt.cpp:1132:5 in PoDoFo::PdfEncryptRC4::PdfEncryptRC4) · Issue #72 · podofo/podofo

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad.

When using podofopdfinfo to parse a PDF file, a SIGSEGV error occurs. By debugging with gdb, it was found that the error occurred at line 163 in podofo-0.10.0/src/podofo/main/PdfObject.cpp:

if (m\_IsDelayedLoadDone)

When checking the value of m\_IsDelayedLoadDone with "p" command, it was found that the value was 0x31. As a boolean value, it should only be assigned either 0 or 1, but not any other numbers. Previously, PoDoFo::PdfObject::DelayedLoad was also called and executed normally, but calling this function in the getString() function would result in a failure. The specific gdb bt stack trace is as follows.

**Command Input**

podofopdfinfo poc\_file

poc\_file are attached.

**Environment**

*   OS: Ubuntu 20.04.1
*   clang:12.0.0
*   podofo:0.10.0

poc\_file.zip

CVE-2023-31555: [podofo-0.10.0]a SIGSEGV error occurs · Issue #67 · podofo/podofo

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2023-31554: A stack-overflow in pdfimages xpdf4.04

Ubuntu Security Notice 6064-1 - It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service.

=========================================================================  
Ubuntu Security Notice USN-6064-1  
May 10, 2023

sqlparse vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

SQL parse could be made to denial of service if it received  
a specially crafted regular expression.

Software Description:  
- sqlparse: documentation for non-validating SQL parser in Python

Details:

It was discovered that SQL parse incorrectly handled certain regular expression.  
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  python3-sqlparse                0.4.2-1ubuntu0.23.04.1

Ubuntu 22.10:  
  python3-sqlparse                0.4.2-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
  python3-sqlparse                0.4.2-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  python3-sqlparse                0.2.4-3ubuntu0.1

Ubuntu 18.04 LTS:  
  python-sqlparse                 0.2.4-0.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6064-1  
  CVE-2023-30608

Package Information:  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.22.10.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.4.2-1ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.2.4-3ubuntu0.1  
  https://launchpad.net/ubuntu/+source/sqlparse/0.2.4-0.1ubuntu0.1

Ubuntu Security Notice USN-6064-1

Ubuntu Security Notice 6068-1 - David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6068-1  
May 10, 2023

openvswitch vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Open vSwitch could be made to stop forwarding packets if it received  
specially crafted network traffic.

Software Description:  
- openvswitch: Ethernet virtual switch

Details:

David Marchand discovered that Open vSwitch incorrectly handled IP packets  
with the protocol set to 0. A remote attacker could possibly use this issue  
to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   openvswitch-common              3.0.3-0ubuntu0.22.10.3  
   python3-openvswitch             3.0.3-0ubuntu0.22.10.3

Ubuntu 22.04 LTS:  
   openvswitch-common              2.17.5-0ubuntu0.22.04.2  
   python3-openvswitch             2.17.5-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:  
   openvswitch-common              2.13.8-0ubuntu1.2  
   python3-openvswitch             2.13.8-0ubuntu1.2

Ubuntu 18.04 LTS:  
   openvswitch-common              2.9.8-0ubuntu0.18.04.5  
   python-openvswitch              2.9.8-0ubuntu0.18.04.5  
   python3-openvswitch             2.9.8-0ubuntu0.18.04.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6068-1  
   CVE-2023-1668

Package Information:  
   https://launchpad.net/ubuntu/+source/openvswitch/3.0.3-0ubuntu0.22.10.3  
   https://launchpad.net/ubuntu/+source/openvswitch/2.17.5-0ubuntu0.22.04.2  
   https://launchpad.net/ubuntu/+source/openvswitch/2.13.8-0ubuntu1.2  
   https://launchpad.net/ubuntu/+source/openvswitch/2.9.8-0ubuntu0.18.04.5

Ubuntu Security Notice USN-6068-1

Ubuntu Security Notice 6067-1 - David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Jake Yip and Justin Mammarella discovered that OpenStack Neutron incorrectly handled the linuxbridge driver when ebtables-nft is being used. An attacker could possibly use this issue to impersonate the hardware address of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6067-1  
May 10, 2023

neutron vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenStack Neutron.

Software Description:  
- neutron: OpenStack Virtual Network Service

Details:

David Sinquin discovered that OpenStack Neutron incorrectly handled the  
default Open vSwitch firewall rules. An attacker could possibly use this  
issue to impersonate the IPv6 addresses of other systems on the network.  
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.  
(CVE-2021-20267)

Jake Yip and Justin Mammarella discovered that OpenStack Neutron  
incorrectly handled the linuxbridge driver when ebtables-nft is being  
used. An attacker could possibly use this issue to impersonate the hardware  
addresss of other systems on the network. This issue only affected Ubuntu  
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)

Pavel Toporkov discovered that OpenStack Neutron incorrectly handled  
extra_dhcp_opts values. An attacker could possibly use this issue to  
reconfigure dnsmasq. This issue only affected Ubuntu 18.04 LTS, and Ubuntu  
20.04 LTS. (CVE-2021-40085)

Slawek Kaplonski discovered that OpenStack Neutron incorrectly handled the  
routes middleware. An attacker could possibly use this issue to cause the  
API worker to consume memory, leading to a denial of service. This issue  
only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-40797)

It was discovered that OpenStack Neutron incorrectly handled certain  
queries. A remote authenticated user could possibly use this issue to cause  
resource consumption, leading to a denial of service. (CVE-2022-3277)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   python3-neutron                 2:20.3.0-0ubuntu1.1

Ubuntu 20.04 LTS:  
   python3-neutron                 2:16.4.2-0ubuntu6.2

Ubuntu 18.04 LTS:  
   python-neutron                  2:12.1.1-0ubuntu8.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6067-1  
   CVE-2021-20267, CVE-2021-38598, CVE-2021-40085, CVE-2021-40797,  
   CVE-2022-3277

Package Information:  
   https://launchpad.net/ubuntu/+source/neutron/2:20.3.0-0ubuntu1.1  
   https://launchpad.net/ubuntu/+source/neutron/2:16.4.2-0ubuntu6.2  
   https://launchpad.net/ubuntu/+source/neutron/2:12.1.1-0ubuntu8.1

Ubuntu Security Notice USN-6067-1

Ubuntu Security Notice 6066-1 - It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data.

==========================================================================  
Ubuntu Security Notice USN-6066-1  
May 10, 2023

heat vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

OpenStack Heat could be made to expose sensitive information.

Software Description:  
- heat: OpenStack Orchestration Service

Details:

It was discovered that OpenStack Heat incorrectly handled certain hidden  
parameter values. A remote authenticated user could possibly use this issue  
to obtain sensitive data.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   python3-heat                    1:14.2.0-0ubuntu1.1

Ubuntu 18.04 LTS:  
   python-heat                     1:10.0.2-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6066-1  
   CVE-2023-1625

Package Information:  
   https://launchpad.net/ubuntu/+source/heat/1:14.2.0-0ubuntu1.1  
   https://launchpad.net/ubuntu/+source/heat/1:10.0.2-0ubuntu1.1

Ubuntu Security Notice USN-6066-1

Ubuntu Security Notice 6065-1 - It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6065-1May 10, 2023node-css-what vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 ESM- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:Several security issues were fixed in css-what.Software Description:- node-css-what: A CSS selector parserDetails:It was discovered that css-what incorrectly handled certain inputs. If a useror an automated system were tricked into opening a specially crafted inputfile, a remote attacker could possibly use this issue to cause a denial ofservice. (CVE-2021-33587, CVE-2022-21222)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 ESM:   node-css-what                   3.2.1-1ubuntu0.1~esm1Ubuntu 18.04 LTS:   node-css-what                   2.1.0-1+deb10u1build0.18.04.1Ubuntu 16.04 ESM:   node-css-what                   2.1.0-1ubuntu0.16.04.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6065-1   CVE-2021-33587, CVE-2022-21222Package Information: https://launchpad.net/ubuntu/+source/node-css-what/2.1.0-1+deb10u1build0.18.04.1

Ubuntu Security Notice USN-6065-1

Ubuntu Security Notice 6063-1 - Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that Ceph incorrectly handled the volumes plugin. An attacker could possibly use this issue to obtain access to any share. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

==========================================================================  
Ubuntu Security Notice USN-6063-1  
May 09, 2023

ceph vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Ceph.

Software Description:  
- ceph: distributed storage and file system

Details:

Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths.  
An attacker could possibly use this issue to create non-random encryption  
keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.  
(CVE-2021-3979)

It was discovered that Ceph incorrectly handled the volumes plugin. An  
attacker could possibly use this issue to obtain access to any share. This  
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.  
(CVE-2022-0670)

It was discovered that Ceph incorrectly handled crash dumps. A local  
attacker could possibly use this issue to escalate privileges to root. This  
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.  
(CVE-2022-3650)

It was discovered that Ceph incorrectly handled URL processing on RGW  
backends. An attacker could possibly use this issue to cause RGW to crash,  
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS  
and Ubuntu 22.10. (CVE-2022-3854)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   ceph                            17.2.5-0ubuntu0.22.10.3  
   ceph-base                       17.2.5-0ubuntu0.22.10.3  
   ceph-common                     17.2.5-0ubuntu0.22.10.3

Ubuntu 22.04 LTS:  
   ceph                            17.2.5-0ubuntu0.22.04.3  
   ceph-base                       17.2.5-0ubuntu0.22.04.3  
   ceph-common                     17.2.5-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   ceph                            15.2.17-0ubuntu0.20.04.3  
   ceph-base                       15.2.17-0ubuntu0.20.04.3  
   ceph-common                     15.2.17-0ubuntu0.20.04.3

Ubuntu 18.04 LTS:  
   ceph                            12.2.13-0ubuntu0.18.04.11  
   ceph-base                       12.2.13-0ubuntu0.18.04.11  
   ceph-common                     12.2.13-0ubuntu0.18.04.11

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6063-1  
   CVE-2021-3979, CVE-2022-0670, CVE-2022-3650, CVE-2022-3854

Package Information:  
   https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.10.3  
   https://launchpad.net/ubuntu/+source/ceph/17.2.5-0ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/ceph/15.2.17-0ubuntu0.20.04.3  
   https://launchpad.net/ubuntu/+source/ceph/12.2.13-0ubuntu0.18.04.11

Ubuntu Security Notice USN-6063-1

Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Engine for OpenSSL Advisory**

**Summary: **

A potential security vulnerability in the Intel® QuickAssist Technology (QAT) Engine for OpenSSL may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-43507

Description: Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® QAT Engine for OpenSSL before version 0.6.16.

**Recommendations:**

Intel recommends updating Intel® QAT Engine for OpenSSL to version 0.6.16 or later for CentOS, Ubuntu and FreeBSD.

Updates are available for download at this location:

https://github.com/intel/QAT\_Engine/releases

**Acknowledgements:**

This issue was found internally by Intel employees.  Intel would like to thank Jakub Rozanski.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#ubuntu