From ce3140d3353f16cfc19e44c4e3faf1e9a8fe67c1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 20 Feb 2025 18:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/51xxx/CVE-2023-51333.json | 61 ++++++++++++++++++++++++--- 2023/51xxx/CVE-2023-51334.json | 61 ++++++++++++++++++++++++--- 2023/51xxx/CVE-2023-51335.json | 61 ++++++++++++++++++++++++--- 2024/46xxx/CVE-2024-46933.json | 75 +++++++++++++++++++++++++++++++--- 2024/54xxx/CVE-2024-54959.json | 56 ++++++++++++++++++++++--- 2024/54xxx/CVE-2024-54960.json | 56 ++++++++++++++++++++++--- 2024/55xxx/CVE-2024-55457.json | 56 ++++++++++++++++++++++--- 2025/1xxx/CVE-2025-1258.json | 8 ++-- 2025/25xxx/CVE-2025-25968.json | 61 ++++++++++++++++++++++++--- 2025/25xxx/CVE-2025-25973.json | 61 ++++++++++++++++++++++++--- 2025/26xxx/CVE-2025-26308.json | 56 ++++++++++++++++++++++--- 2025/26xxx/CVE-2025-26311.json | 56 ++++++++++++++++++++++--- 2025/27xxx/CVE-2025-27091.json | 63 ++++++++++++++++++++++++++-- 13 files changed, 657 insertions(+), 74 deletions(-) diff --git a/2023/51xxx/CVE-2023-51333.json b/2023/51xxx/CVE-2023-51333.json index 3b33cb857fe..dc42a31d8f5 100644 --- a/2023/51xxx/CVE-2023-51333.json +++ b/2023/51xxx/CVE-2023-51333.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51333", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51333", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/176511", + "url": "https://packetstorm.news/files/id/176511" } ] } diff --git a/2023/51xxx/CVE-2023-51334.json b/2023/51xxx/CVE-2023-51334.json index 13bd252ee7a..304d64d3ab1 100644 --- a/2023/51xxx/CVE-2023-51334.json +++ b/2023/51xxx/CVE-2023-51334.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51334", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51334", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/176512", + "url": "https://packetstorm.news/files/id/176512" } ] } diff --git a/2023/51xxx/CVE-2023-51335.json b/2023/51xxx/CVE-2023-51335.json index 00976349ec0..25ecde99e48 100644 --- a/2023/51xxx/CVE-2023-51335.json +++ b/2023/51xxx/CVE-2023-51335.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51335", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51335", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"title, name\" parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo", + "refsource": "MISC", + "name": "https://www.phpjabbers.com/cinema-booking-system/#sectionDemo" + }, + { + "refsource": "MISC", + "name": "https://packetstorm.news/files/id/176508", + "url": "https://packetstorm.news/files/id/176508" } ] } diff --git a/2024/46xxx/CVE-2024-46933.json b/2024/46xxx/CVE-2024-46933.json index 2f9f50b71f9..c5d93fe3e46 100644 --- a/2024/46xxx/CVE-2024-46933.json +++ b/2024/46xxx/CVE-2024-46933.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-46933", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-46933", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://eviden.com", + "refsource": "MISC", + "name": "https://eviden.com" + }, + { + "refsource": "CONFIRM", + "name": "https://support.bull.com/ols/product/security/psirt/security-bulletins/ast2600-left-unconfigured-in-bullsequana-xh2140-psirt-270-tlp-clear-version-2-7-cve-2024-46933/view", + "url": "https://support.bull.com/ols/product/security/psirt/security-bulletins/ast2600-left-unconfigured-in-bullsequana-xh2140-psirt-270-tlp-clear-version-2-7-cve-2024-46933/view" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:H/PR:H/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2024/54xxx/CVE-2024-54959.json b/2024/54xxx/CVE-2024-54959.json index 26054874ad4..37be201f068 100644 --- a/2024/54xxx/CVE-2024-54959.json +++ b/2024/54xxx/CVE-2024-54959.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54959", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54959", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54959", + "url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54959" } ] } diff --git a/2024/54xxx/CVE-2024-54960.json b/2024/54xxx/CVE-2024-54960.json index 57989acceb1..e53eda8ddc9 100644 --- a/2024/54xxx/CVE-2024-54960.json +++ b/2024/54xxx/CVE-2024-54960.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-54960", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-54960", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54960", + "url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54960" } ] } diff --git a/2024/55xxx/CVE-2024-55457.json b/2024/55xxx/CVE-2024-55457.json index c0fb1da69aa..5a95ca2704d 100644 --- a/2024/55xxx/CVE-2024-55457.json +++ b/2024/55xxx/CVE-2024-55457.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55457", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55457", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/h13nh04ng/CVE-2024-55457-PoC", + "url": "https://github.com/h13nh04ng/CVE-2024-55457-PoC" } ] } diff --git a/2025/1xxx/CVE-2025-1258.json b/2025/1xxx/CVE-2025-1258.json index 51d88451e76..5a54289376c 100644 --- a/2025/1xxx/CVE-2025-1258.json +++ b/2025/1xxx/CVE-2025-1258.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1258", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } diff --git a/2025/25xxx/CVE-2025-25968.json b/2025/25xxx/CVE-2025-25968.json index bb7883cc81b..746100f0921 100644 --- a/2025/25xxx/CVE-2025-25968.json +++ b/2025/25xxx/CVE-2025-25968.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25968", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25968", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://ddsn.com", + "refsource": "MISC", + "name": "http://ddsn.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/padayali-JD/CVE-2025-25968", + "url": "https://github.com/padayali-JD/CVE-2025-25968" } ] } diff --git a/2025/25xxx/CVE-2025-25973.json b/2025/25xxx/CVE-2025-25973.json index 1fcf688ffd6..01d2e30463d 100644 --- a/2025/25xxx/CVE-2025-25973.json +++ b/2025/25xxx/CVE-2025-25973.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25973", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25973", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored Cross Site Scripting vulnerability in the \"related recommendations\" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/yandaozi/PPress/issues/3", + "refsource": "MISC", + "name": "https://github.com/yandaozi/PPress/issues/3" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/coleak2021/512acaa12ba0987499d560967acff1d1", + "url": "https://gist.github.com/coleak2021/512acaa12ba0987499d560967acff1d1" } ] } diff --git a/2025/26xxx/CVE-2025-26308.json b/2025/26xxx/CVE-2025-26308.json index 128ff699e69..7883a5a7f20 100644 --- a/2025/26xxx/CVE-2025-26308.json +++ b/2025/26xxx/CVE-2025-26308.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-26308", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-26308", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libming/libming/issues/326", + "refsource": "MISC", + "name": "https://github.com/libming/libming/issues/326" } ] } diff --git a/2025/26xxx/CVE-2025-26311.json b/2025/26xxx/CVE-2025-26311.json index bf0a6fcdcf2..8dee4740b43 100644 --- a/2025/26xxx/CVE-2025-26311.json +++ b/2025/26xxx/CVE-2025-26311.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-26311", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-26311", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/libming/libming/issues/329", + "refsource": "MISC", + "name": "https://github.com/libming/libming/issues/329" } ] } diff --git a/2025/27xxx/CVE-2025-27091.json b/2025/27xxx/CVE-2025-27091.json index 09381ee0784..09cfd6b4567 100644 --- a/2025/27xxx/CVE-2025-27091.json +++ b/2025/27xxx/CVE-2025-27091.json @@ -1,18 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues)\n* Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com))\n\n### Credits:\n\n* **Research:** Octavian Guzu and Andrew Calvano of Meta\n* **Fix ideation:** Philipp Hancke and Shyam Sadhwani of Meta\n* **Fix implementation:** Benzheng Zhang (@BenzhengZhang)\n* **Release engineering:** Benzheng Zhang (@BenzhengZhang)" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "cisco", + "product": { + "product_data": [ + { + "product_name": "openh264", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x", + "refsource": "MISC", + "name": "https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x" + }, + { + "url": "https://github.com/cisco/openh264/releases/tag/v2.6.0", + "refsource": "MISC", + "name": "https://github.com/cisco/openh264/releases/tag/v2.6.0" + } + ] + }, + "source": { + "advisory": "GHSA-m99q-5j7x-7m9x", + "discovery": "UNKNOWN" } } \ No newline at end of file