wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users.
Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-29158

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

Permalink

Browse files

netfilter: nf\_tables: disallow binding to already bound chain

Update nft\_data\_init() to report EINVAL if chain is already bound.

Fixes: d0e2c7d ("netfilter: nf\_tables: add NFT\_CHAIN\_BINDING")
Reported-by: Gwangun Jung <exsociety@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

*   Loading branch information

1 parent 01e4092 commit e02f0d3970404bfea385b6edb86f2d936db0ea2b

Showing **1 changed file** with **2 additions** and **0 deletions**.

@@ -9711,6 +9711,8 @@ static int nft\_verdict\_init(const struct nft\_ctx \*ctx, struct nft\_data \*data,

return PTR\_ERR(chain);

if (nft\_is\_base\_chain(chain))

return -EOPNOTSUPP;

if (nft\_chain\_is\_bound(chain))

return -EINVAL;

if (desc->flags & NFT\_DATA\_DESC\_SETELEM &&

chain->flags & NFT\_CHAIN\_BINDING)

return -EINVAL;

**0 comments on commit e02f0d3**

Please sign in to comment.

CVE-2022-39190: netfilter: nf_tables: disallow binding to already bound chain · torvalds/linux@e02f0d3

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

**Packages**

*   bluez - Bluetooth tools and daemons

**Details**

It was discovered that BlueZ incorrectly validated certain capabilities  
and lengths when handling the A2DP profile. A remote attacker could use  
this issue to cause BlueZ to crash, resulting in a denial of service, or  
possibly execute arbitrary code.

**Canonical is offering Extended Security Maintenance**

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

**Further reading**

*   _Loading..._

CVE-2022-39177: USN-5481-1: BlueZ vulnerabilities | Ubuntu security notices | Ubuntu

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

Permalink

Browse files

A new vulnerability: DW202208-001

*   Loading branch information

David Anderson committed

Aug 27, 2022

1 parent 271cc04 commit 60303eb80ecc7747bf29776d545e2a5c5a76f6f8

Showing **1 changed file** with **25 additions** and **0 deletions**.

  

@@ -1,4 +1,29 @@

  

  

  

id: DW202208-001

cve:

fuzzer: unspecified

datereported: 2022-08-27

reportedby: Han Zheng

vulnerability: Double free in dwarfdump

product: dwarfdump

description: A carefully corrupted object file

would cause dwarfdump -vv -a

to do a double free in handling an error condition.

That could cause a segmentation violation or other

major error, terminating the calling application and

resulting in Denial Of Service.

datefixed:

references: regressiontests/hanzheng/fuzzedobject

gitfixid:

tarrelease:

endrec: DW202208-001

  

  

  

  

  

id: DW202207-001

cve:

fuzzer: ossfuzz

**0 comments on commit 60303eb**

Please sign in to comment.

CVE-2022-39170: A new vulnerability: DW202208-001 · davea42/libdwarf-code@60303eb

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

'2117506?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-2764: Invalid Bug ID

An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.

'29370?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-38128: Invalid Bug ID

Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.

'29289?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-38126: Invalid Bug ID

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

**Luís Ferreira** contact@lsferreira.net  
_Wed Sep 22 01:31:03 GMT 2021_

*   Previous message (by thread): \[PATCH v6\] c++: Fix cp\_tree\_equal for template value args using dependent sizeof/alignof/noexcept expressions
*   Next message (by thread): \[PATCH\] libiberty: prevent null dereferencing on dlang\_type
*   **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

This patch prevents dereferencing a null reference on a crafted
malformed magled name, often causing SIGSEGV to be raised.

Signed-off-by: Luís Ferreira <contact@lsferreira.net\>
---
 libiberty/d-demangle.c                  | 2 +-
 libiberty/testsuite/d-demangle-expected | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
index a2152cc65518..469398261994 100644
--- a/libiberty/d-demangle.c
+++ b/libiberty/d-demangle.c
@@ -875,7 +875,7 @@ dlang\_type (string \*decl, const char \*mangled,
struct dlang\_info \*info)
       szmods = string\_length (&mods);
 
       /\* Back referenced function type.  \*/
-      if (\*mangled == 'Q')
+      if (mangled && \*mangled == 'Q')
 	mangled = dlang\_type\_backref (decl, mangled, info, 1);
       else
 	mangled = dlang\_function\_type (decl, mangled, info);
diff --git a/libiberty/testsuite/d-demangle-expected
b/libiberty/testsuite/d-demangle-expected
index c35185c3e1e3..799f4724b72e 100644
--- a/libiberty/testsuite/d-demangle-expected
+++ b/libiberty/testsuite/d-demangle-expected
@@ -991,11 +991,14 @@ \_D88
 \_D5\_\_T1aZv
 \_D5\_\_T1aZv
 #
---format=dlang
 \_D00
 \_D00
 #
 --format=dlang
+\_D01\_D
+\_D01\_D
+#
+--format=dlang
 \_D9223372036854775817
 \_D9223372036854775817
 #

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://gcc.gnu.org/pipermail/gcc-patches/attachments/20210922/ddbe2770/attachment.sig\>

*   Previous message (by thread): \[PATCH v6\] c++: Fix cp\_tree\_equal for template value args using dependent sizeof/alignof/noexcept expressions
*   Next message (by thread): \[PATCH\] libiberty: prevent null dereferencing on dlang\_type
*   **Messages sorted by:** \[ date \] \[ thread \] \[ subject \] \[ author \]

More information about the Gcc-patches mailing list

CVE-2021-3826: [PATCH] libiberty: prevent null dereferencing on dlang_type

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

'2022908?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#dos