From 236773ace4e24ce00b127b0c22d8f602df88d915 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 27 Dec 2022 08:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/31xxx/CVE-2021-31875.json | 2 +- 2022/40xxx/CVE-2022-40897.json | 17 ++++++++++++++++- 2023/22xxx/CVE-2023-22366.json | 18 ++++++++++++++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 2023/22xxx/CVE-2023-22366.json diff --git a/2021/31xxx/CVE-2021-31875.json b/2021/31xxx/CVE-2021-31875.json index ef9b44fd3b4..1592733f8df 100644 --- a/2021/31xxx/CVE-2021-31875.json +++ b/2021/31xxx/CVE-2021-31875.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow." + "value": "** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because \"there isn\u2019t very much of an opportunity to exploit this reliably for an information leak, so there isn\u2019t any real security impact.\"" } ] }, diff --git a/2022/40xxx/CVE-2022-40897.json b/2022/40xxx/CVE-2022-40897.json index 0d3f2e7350c..5be8374921c 100644 --- a/2022/40xxx/CVE-2022-40897.json +++ b/2022/40xxx/CVE-2022-40897.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue discovered in Python Packaging Authority (PyPA) setuptools 65.3.0 and earlier allows remote attackers to cause a denial of service via crafted HTML package or custom PackageIndex page." + "value": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py." } ] }, @@ -61,6 +61,21 @@ "refsource": "MISC", "name": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/", "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" + }, + { + "refsource": "MISC", + "name": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be", + "url": "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be" + }, + { + "refsource": "MISC", + "name": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", + "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1", + "url": "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1" } ] } diff --git a/2023/22xxx/CVE-2023-22366.json b/2023/22xxx/CVE-2023-22366.json new file mode 100644 index 00000000000..805f43f7291 --- /dev/null +++ b/2023/22xxx/CVE-2023-22366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-22366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file