NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.

**Description**

NULL Pointer Dereference in function sug\_filltree at vim/src/spellfile.c:5600.

**vim version**

    git log
    commit 4875d6ab068f09df88d24d81de40dcd8d56e243d (grafted, HEAD -> master, tag: v9.0.0224, origin/master, origin/HEAD)
    

**Proof of Concept**

    ./vim -u NONE -X -Z -e -s -S /home/fuzz/test/poc2_null.dat -c :qa!
    Segmentation fault (core dumped)
    
    

**gdb debug info**

    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    
    Program received signal SIGSEGV, Segmentation fault.
    0x0000555555b9f3f0 in sug_filltree (spin=0x7fffffff95c0, slang=0x62100001f500) at spellfile.c:5600
    5600        if (curi[depth] > byts[arridx[depth]])
    
    [ Legend: Modified register | Code | Heap | Stack | String ]
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
    $rax   : 0x0               
    $rbx   : 0x007fffffff93b0  →  0x007fffffff9950  →  0x007fffffff99a0  →  0x0000000041b58ab3
    $rcx   : 0x0               
    $rdx   : 0x0               
    $rsp   : 0x007fffffff8340  →  0x0062100001f500  →  0x0000000000000000
    $rbp   : 0x007fffffff93d0  →  0x007fffffff9410  →  0x007fffffff9970  →  0x007fffffff9a40  →  0x007fffffff9db0  →  0x007fffffffa6b0  →  0x007fffffffa6d0  →  0x007fffffffa880
    $rsi   : 0x1               
    $rdi   : 0x0               
    $rip   : 0x00555555b9f3f0  →  <sug_filltree+1115> movzx eax, BYTE PTR [rcx]
    $r8    : 0x0               
    $r9    : 0x000c507fff9020  →  0x0000000000000000
    $r10   : 0x0               
    $r11   : 0x108             
    $r12   : 0x000ffffffff06e  →  0x0000000000000000
    $r13   : 0x007fffffff8370  →  0x0000000041b58ab3
    $r14   : 0x007fffffff8370  →  0x0000000041b58ab3
    $r15   : 0x007fffffff9ae0  →  0x0000000041b58ab3
    $eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
    $cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00 
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
    0x007fffffff8340│+0x0000: 0x0062100001f500  →  0x0000000000000000    ← $rsp
    0x007fffffff8348│+0x0008: 0x007fffffff95c0  →  0x00628000008110  →  0x0000000000000000
    0x007fffffff8350│+0x0010: 0xffffffff00000000
    0x007fffffff8358│+0x0018: 0x0000000000000000
    0x007fffffff8360│+0x0020: 0x0000000000000000
    0x007fffffff8368│+0x0028: 0x0000000000000000
    0x007fffffff8370│+0x0030: 0x0000000041b58ab3     ← $r13, $r14
    0x007fffffff8378│+0x0038: 0x00555555eaeaa0  →  "5 32 1016 11 arridx:5569 1184 1016 9 curi:5570 233[...]"
    ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
       0x555555b9f3e6 <sug_filltree+1105> je     0x555555b9f3f0 <sug_filltree+1115>
       0x555555b9f3e8 <sug_filltree+1107> mov    rdi, rax
       0x555555b9f3eb <sug_filltree+1110> call   0x55555568dba0 <__asan_report_load1@plt>
     → 0x555555b9f3f0 <sug_filltree+1115> movzx  eax, BYTE PTR [rcx]
       0x555555b9f3f3 <sug_filltree+1118> movzx  eax, al
       0x555555b9f3f6 <sug_filltree+1121> cmp    esi, eax
       0x555555b9f3f8 <sug_filltree+1123> jle    0x555555b9f599 <sug_filltree+1540>
       0x555555b9f3fe <sug_filltree+1129> mov    eax, DWORD PTR [rbp-0x1080]
       0x555555b9f404 <sug_filltree+1135> cdqe   
    ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── source:spellfile.c+5600 ────
       5595      wordcount[0] = 0;
       5596  
       5597      depth = 0;
       5598      while (depth >= 0 && !got_int)
       5599      {
              // byts=0x007fffffff8360  →  0x0000000000000000, depth=0x0, arridx=0x007fffffff8390  →  0x0000000000000000, curi=0x007fffffff8810  →  0x0000000000000001
     → 5600     if (curi[depth] > byts[arridx[depth]])
       5601     {
       5602         // Done all bytes at this node, go up one level.
       5603         idxs[arridx[depth]] = wordcount[depth];
       5604         if (depth > 0)
       5605         wordcount[depth - 1] += wordcount[depth];
    ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
    [#0] Id 1, Name: "vim", stopped 0x555555b9f3f0 in sug_filltree (), reason: SIGSEGV
    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
    [#0] 0x555555b9f3f0 → sug_filltree(spin=0x7fffffff95c0, slang=0x62100001f500)
    [#1] 0x555555b9ed48 → spell_make_sugfile(spin=0x7fffffff95c0, wfname=0x621000017d00 "Xtest.utf-8.spl")
    [#2] 0x555555ba2799 → mkspell(fcount=0x1, fnames=0x611000000400, ascii=0x0, over_write=0x1, added_word=0x0)
    [#3] 0x555555b9ea0c → ex_mkspell(eap=0x7fffffff9b30)
    [#4] 0x555555817454 → do_one_cmd(cmdlinep=0x7fffffff9e90, flags=0xb, cstack=0x7fffffff9fb0, fgetline=0x0, cookie=0x0)
    [#5] 0x55555580e6f7 → do_cmdline(cmdline=0x602000006050 "mksp! Xtest", fgetline=0x0, cookie=0x0, flags=0xb)
    [#6] 0x55555580ca91 → do_cmdline_cmd(cmd=0x602000006050 "mksp! Xtest")
    [#7] 0x5555557b2730 → execute_common(argvars=0x7fffffffadd0, rettv=0x7fffffffc0c0, arg_off=0x0)
    [#8] 0x5555557b2cc2 → f_execute(argvars=0x7fffffffadd0, rettv=0x7fffffffc0c0)
    [#9] 0x5555557ad280 → call_internal_func(name=0x602000006070 "execute", argcount=0x1, argvars=0x7fffffffadd0, rettv=0x7fffffffc0c0)
    ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
    

poc download: <p><a href="https://github.com/Janette88/vim/blob/main/poc2\_null.dat">poc2\_null.dat</a></p>

**Impact**

NULL Pointer Dereference in function generate\_loadvar allows attackers to cause a denial of service (application crash) via a crafted input.

CVE-2022-2923: NULL Pointer Dereference in function sug_filltree in vim

IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.

CVE-2021-29891: IBM OPENBMC denial of service CVE-2021-29891 Vulnerability Report

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method

CVE-2022-1930 | CVSS 5.9

JFrog Severity:medium

Published 11 Aug. 2022 | Last updated 11 Aug. 2022

Exponential ReDoS in eth-account leads to denial of service

eth-account

eth-account (,0.5.9), fixed in 0.5.9

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method

    {
            "types": {
                    "EIP712Domain": [
                            {"name": "aaaa", "type": "$[11111111111111111111111110"},
                            {"name": "version", "type": "string"},
                            {"name": "chainId", "type": "uint256"},
                            {"name": "verifyingContract", "type": "address"}
                     ]
            }
    }
    

No mitigations are supplied for this issue

NVD

CVE-2022-1930: eth-account ReDoS | XRAY-248681

Gentoo Linux Security Advisory 202208-34 - Multiple vulnerabilities have been discovered in Apache Tomcat, the worst of which could result in denial of service. Versions less than 8.5.82:8.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-34  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Apache Tomcat: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #773571, #801916, #818160, #855971  
       ID: 202208-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Apache Tomcat, the  
worst of which could result in denial of service.

Background  
=========  
Apache Tomcat is a Servlet-3.0/JSP-2.2 Container.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-servers/tomcat         < 8.5.82:8.5              >= 8.5.82:8.5  
                                < 9.0.65:9                >= 9.0.65:9  
                                < 10.0.23:10              >= 10.0.23:10

Description  
==========  
Multiple vulnerabilities have been discovered in Apache Tomcat. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Apache Tomcat 10.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-10.0.23:10"

All Apache Tomcat 9.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-9.0.65:9"

All Apache Tomcat 8.5.x users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/tomcat-8.5.82:8.5"

References  
=========  
[ 1 ] CVE-2021-25122  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25122  
[ 2 ] CVE-2021-25329  
      https://nvd.nist.gov/vuln/detail/CVE-2021-25329  
[ 3 ] CVE-2021-30639  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30639  
[ 4 ] CVE-2021-30640  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30640  
[ 5 ] CVE-2021-33037  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33037  
[ 6 ] CVE-2021-42340  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42340  
[ 7 ] CVE-2022-34305  
      https://nvd.nist.gov/vuln/detail/CVE-2022-34305

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-34

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-34

Gentoo Linux Security Advisory 202208-33 - A vulnerability has been found in libcroco which could result in denial of service. Versions less than 0.6.13 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-33  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Gnome Shell, gettext, libcroco: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #722752, #755848, #769998  
       ID: 202208-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been found in libcroco which could result in denial  
of service.

Background  
=========  
GNOME Shell provides core user interface functions for the GNOME  
desktop, like switching to windows and launching applications.

gettext contains the GNU locale utilities.

libcroco is a standalone CSS2 parsing and manipulation library.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-libs/libcroco          < 0.6.13                    >= 0.6.13  
  2  gnome-base/gnome-shell     < 3.36.7                    >= 3.36.7  
  3  sys-devel/gettext          < 0.21                        >= 0.21

Description  
==========  
The cr_parser_parse_any_core function in libcroco's cr-parser.c does not  
limit recursion, leading to a denial of service via a stack overflow  
when trying to parse crafted CSS.

Gnome Shell and gettext bundle libcroco in their own sources and thus  
are potentially vulnerable as well.

Impact  
=====  
An attacker with control over the input to the library can cause a denial of service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All gettext users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-devel/gettext-0.21"

All Gnome Shell users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=gnome-base/gnome-shell-3.36.7"

All libcroco users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libcroco-0.6.13"

References  
=========  
[ 1 ] CVE-2020-12825  
      https://nvd.nist.gov/vuln/detail/CVE-2020-12825

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-33

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-33

Gentoo Linux Security Advisory 202208-32 - Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Vim, gVim: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231  
       ID: 202208-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Vim, the worst of which  
could result in denial of service.

Background  
=========  
Vim is an efficient, highly configurable improved version of the classic  
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  app-editors/gvim           < 9.0.0060                >= 9.0.0060  
  2  app-editors/vim            < 9.0.0060                >= 9.0.0060  
  3  app-editors/vim-core       < 9.0.0060                >= 9.0.0060

Description  
==========  
Multiple vulnerabilities have been discovered in Vim and gVim. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Vim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"

All gVim users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"

All vim-core users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"

References  
=========  
[ 1 ] CVE-2021-3770  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3770  
[ 2 ] CVE-2021-3778  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3778  
[ 3 ] CVE-2021-3796  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3796  
[ 4 ] CVE-2021-3872  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3872  
[ 5 ] CVE-2021-3875  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3875  
[ 6 ] CVE-2021-3927  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3927  
[ 7 ] CVE-2021-3928  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3928  
[ 8 ] CVE-2021-3968  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3968  
[ 9 ] CVE-2021-3973  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3973  
[ 10 ] CVE-2021-3974  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3974  
[ 11 ] CVE-2021-3984  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3984  
[ 12 ] CVE-2021-4019  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4019  
[ 13 ] CVE-2021-4069  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4069  
[ 14 ] CVE-2021-4136  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4136  
[ 15 ] CVE-2021-4166  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4166  
[ 16 ] CVE-2021-4173  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4173  
[ 17 ] CVE-2021-4187  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4187  
[ 18 ] CVE-2021-4192  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4192  
[ 19 ] CVE-2021-4193  
      https://nvd.nist.gov/vuln/detail/CVE-2021-4193  
[ 20 ] CVE-2021-46059  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46059  
[ 21 ] CVE-2022-0128  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0128  
[ 22 ] CVE-2022-0156  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0156  
[ 23 ] CVE-2022-0158  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0158  
[ 24 ] CVE-2022-0213  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0213  
[ 25 ] CVE-2022-0261  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0261  
[ 26 ] CVE-2022-0318  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0318  
[ 27 ] CVE-2022-0319  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0319  
[ 28 ] CVE-2022-0351  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0351  
[ 29 ] CVE-2022-0359  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0359  
[ 30 ] CVE-2022-0361  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0361  
[ 31 ] CVE-2022-0368  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0368  
[ 32 ] CVE-2022-0392  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0392  
[ 33 ] CVE-2022-0393  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0393  
[ 34 ] CVE-2022-0407  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0407  
[ 35 ] CVE-2022-0408  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0408  
[ 36 ] CVE-2022-0413  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0413  
[ 37 ] CVE-2022-0417  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0417  
[ 38 ] CVE-2022-0443  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0443  
[ 39 ] CVE-2022-0554  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0554  
[ 40 ] CVE-2022-0629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0629  
[ 41 ] CVE-2022-0685  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0685  
[ 42 ] CVE-2022-0714  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0714  
[ 43 ] CVE-2022-0729  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0729  
[ 44 ] CVE-2022-0943  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0943  
[ 45 ] CVE-2022-1154  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1154  
[ 46 ] CVE-2022-1160  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1160  
[ 47 ] CVE-2022-1381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1381  
[ 48 ] CVE-2022-1420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1420  
[ 49 ] CVE-2022-1616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1616  
[ 50 ] CVE-2022-1619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1619  
[ 51 ] CVE-2022-1620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1620  
[ 52 ] CVE-2022-1621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1621  
[ 53 ] CVE-2022-1629  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1629  
[ 54 ] CVE-2022-1674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1674  
[ 55 ] CVE-2022-1720  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1720  
[ 56 ] CVE-2022-1733  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1733  
[ 57 ] CVE-2022-1735  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1735  
[ 58 ] CVE-2022-1769  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1769  
[ 59 ] CVE-2022-1771  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1771  
[ 60 ] CVE-2022-1785  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1785  
[ 61 ] CVE-2022-1796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1796  
[ 62 ] CVE-2022-1851  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1851  
[ 63 ] CVE-2022-1886  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1886  
[ 64 ] CVE-2022-1897  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1897  
[ 65 ] CVE-2022-1898  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1898  
[ 66 ] CVE-2022-1927  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1927  
[ 67 ] CVE-2022-1942  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1942  
[ 68 ] CVE-2022-1968  
      https://nvd.nist.gov/vuln/detail/CVE-2022-1968  
[ 69 ] CVE-2022-2000  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2000  
[ 70 ] CVE-2022-2042  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2042  
[ 71 ] CVE-2022-2124  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2124  
[ 72 ] CVE-2022-2125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2125  
[ 73 ] CVE-2022-2126  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2126  
[ 74 ] CVE-2022-2129  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2129  
[ 75 ] CVE-2022-2175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2175  
[ 76 ] CVE-2022-2182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2182  
[ 77 ] CVE-2022-2183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2183  
[ 78 ] CVE-2022-2206  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2206  
[ 79 ] CVE-2022-2207  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2207  
[ 80 ] CVE-2022-2208  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2208  
[ 81 ] CVE-2022-2210  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2210  
[ 82 ] CVE-2022-2231  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2231  
[ 83 ] CVE-2022-2257  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2257  
[ 84 ] CVE-2022-2264  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2264  
[ 85 ] CVE-2022-2284  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2284  
[ 86 ] CVE-2022-2285  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2285  
[ 87 ] CVE-2022-2286  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2286  
[ 88 ] CVE-2022-2287  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2287  
[ 89 ] CVE-2022-2288  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2288  
[ 90 ] CVE-2022-2289  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2289  
[ 91 ] CVE-2022-2304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2304  
[ 92 ] CVE-2022-2343  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2343  
[ 93 ] CVE-2022-2344  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2344  
[ 94 ] CVE-2022-2345  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2345

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-32

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-32

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.

@@ -364,6 +364,11 @@ rsa\_oaep\_sha1\_decrypt(const struct rsa\_private\_key \*key,

int res;

struct sha1\_ctx ctx;

  

if (nettle\_mpz\_sizeinbase\_256\_u (gibberish) > key->size ||

key->size < (2\*SHA1\_DIGEST\_SIZE)+2) {

return 0;

}

  

mpz\_init(m);

rsa\_compute\_root(key, m, gibberish);

  

@@ -384,6 +389,11 @@ rsa\_oaep\_sha256\_decrypt(const struct rsa\_private\_key \*key,

int res;

struct sha256\_ctx ctx;

  

if (nettle\_mpz\_sizeinbase\_256\_u (gibberish) > key->size ||

key->size < (2\*SHA1\_DIGEST\_SIZE)+2) {

return 0;

}

  

mpz\_init(m);

rsa\_compute\_root(key, m, gibberish);

CVE-2022-38493: Fix rsa oaep key length check before decryption · babelouest/rhonabwy@dd528b3

A heap-based buffer over write vulnerability was found in GhostScript's lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

'701844?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2020-27792: Invalid Bug ID

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.

CVE-2022-23460

Ubuntu Security Notice 5573-1 - Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5573-1August 18, 2022rsync vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:rsync could be made to crash or run programs if it received speciallycrafted input.Software Description:- rsync: fast, versatile, remote (and local) file-copying toolDetails:Evgeny Legerov discovered that zlib incorrectly handled memory whenperforming certain inflate operations. An attacker could use this issueto cause rsync to crash, resulting in a denial of service, or possiblyexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:rsync 3.1.3-8ubuntu0.4Ubuntu 18.04 LTS:rsync 3.1.2-2.1ubuntu1.5Ubuntu 16.04 ESM:rsync 3.1.1-3ubuntu1.3+esm2In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5573-1CVE-2022-37434Package Information:https://launchpad.net/ubuntu/+source/rsync/3.1.3-8ubuntu0.4https://launchpad.net/ubuntu/+source/rsync/3.1.2-2.1ubuntu1.5

Tag

#dos