From dcdc134dfb7938dc79c44cd1dbd02e36257d34b3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 12 Jan 2023 01:00:38 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/37xxx/CVE-2021-37136.json | 5 + 2021/37xxx/CVE-2021-37137.json | 5 + 2021/43xxx/CVE-2021-43797.json | 5 + 2022/41xxx/CVE-2022-41881.json | 7 +- 2022/41xxx/CVE-2022-41915.json | 175 +++++++++++++++++---------------- 2023/0xxx/CVE-2023-0227.json | 18 ++++ 6 files changed, 129 insertions(+), 86 deletions(-) create mode 100644 2023/0xxx/CVE-2023-0227.json diff --git a/2021/37xxx/CVE-2021-37136.json b/2021/37xxx/CVE-2021-37136.json index 58d7d147499..86f34e1636f 100644 --- a/2021/37xxx/CVE-2021-37136.json +++ b/2021/37xxx/CVE-2021-37136.json @@ -99,6 +99,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" } ] }, diff --git a/2021/37xxx/CVE-2021-37137.json b/2021/37xxx/CVE-2021-37137.json index c44f58a31f5..2080e6f2081 100644 --- a/2021/37xxx/CVE-2021-37137.json +++ b/2021/37xxx/CVE-2021-37137.json @@ -99,6 +99,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" } ] }, diff --git a/2021/43xxx/CVE-2021-43797.json b/2021/43xxx/CVE-2021-43797.json index 9565d83a33b..d6705920e61 100644 --- a/2021/43xxx/CVE-2021-43797.json +++ b/2021/43xxx/CVE-2021-43797.json 
@@ -93,6 +93,11 @@ "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpujul2022.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" } ] }, diff --git a/2022/41xxx/CVE-2022-41881.json b/2022/41xxx/CVE-2022-41881.json index c77f6ca0a9c..0724a4a9ff4 100644 --- a/2022/41xxx/CVE-2022-41881.json +++ b/2022/41xxx/CVE-2022-41881.json @@ -58,6 +58,11 @@ "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v", "refsource": "MISC", "name": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" } ] }, @@ -83,4 +88,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/41xxx/CVE-2022-41915.json b/2022/41xxx/CVE-2022-41915.json index 115885e6076..969954d78d6 100644 --- a/2022/41xxx/CVE-2022-41915.json +++ b/2022/41xxx/CVE-2022-41915.json 
@@ -3,106 +3,111 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-41915", - "ASSIGNER": "security-advisories@github.com", - "STATE": "PUBLIC" + "ID": "CVE-2022-41915", + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "source": { - "advisory": "GHSA-hh82-3pmq-7frp", - "discovery": "UNKNOWN" + "advisory": "GHSA-hh82-3pmq-7frp", + "discovery": "UNKNOWN" }, "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "netty", - "product": { - "product_data": [ + "vendor": { + "vendor_data": [ { - "product_name": "netty", - "version": { - "version_data": [ - { - "version_name": "4.1.86.Final", - "version_affected": "<", - "version_value": "4.1.86.Final", - "platform": "" - }, - { - "version_name": "4.1.83.Final", - "version_affected": ">=", - "version_value": "4.1.83.Final", - "platform": "" - } - ] - } + "vendor_name": "netty", + "product": { + "product_data": [ + { + "product_name": "netty", + "version": { + "version_data": [ + { + "version_name": "4.1.86.Final", + "version_affected": "<", + "version_value": "4.1.86.Final", + "platform": "" + }, + { + "version_name": "4.1.83.Final", + "version_affected": ">=", + "version_value": "4.1.83.Final", + "platform": "" + } + ] + } + } + ] + } } - ] - } - } - ] - } + ] + } }, "problemtype": { - "problemtype_data": [ - { - "description": [ + "problemtype_data": [ { - "lang": "eng", - "value": "CWE-436: Interpretation Conflict", - "cweId": "CWE-436" - } - ] - }, - { - "description": [ + "description": [ + { + "lang": "eng", + "value": "CWE-436: Interpretation Conflict", + "cweId": "CWE-436" + } + ] + }, { - "lang": "eng", - "value": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", - "cweId": "CWE-113" + "description": [ + { + "lang": "eng", + "value": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", + "cweId": "CWE-113" + } + ] } - ] - } - ] + ] }, "description": { - 
"description_data": [ - { - "lang": "eng", - "value": "Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values." - } - ] + "description_data": [ + { + "lang": "eng", + "value": "Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values." 
+ } + ] }, "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp", - "name": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" - }, - { - "refsource": "MISC", - "url": "https://github.com/netty/netty/issues/13084", - "name": "https://github.com/netty/netty/issues/13084" - }, - { - "refsource": "MISC", - "url": "https://github.com/netty/netty/pull/12760", - "name": "https://github.com/netty/netty/pull/12760" - }, - { - "refsource": "MISC", - "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4", - "name": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" - } - ] + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp", + "name": "https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp" + }, + { + "refsource": "MISC", + "url": "https://github.com/netty/netty/issues/13084", + "name": "https://github.com/netty/netty/issues/13084" + }, + { + "refsource": "MISC", + "url": "https://github.com/netty/netty/pull/12760", + "name": "https://github.com/netty/netty/pull/12760" + }, + { + "refsource": "MISC", + "url": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4", + "name": "https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" + } + ] }, "impact": { - "cvss": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } } - } \ No 
newline at end of file +} \ No newline at end of file diff --git a/2023/0xxx/CVE-2023-0227.json b/2023/0xxx/CVE-2023-0227.json new file mode 100644 index 00000000000..572aa5267b2 --- /dev/null +++ b/2023/0xxx/CVE-2023-0227.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0227", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
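Review bot: In the CVE-2022-41915.json hunk, the description value on the new side still spells the affected API as `DefaultHttpHeadesr.set`, while the workaround sentence in the same string uses `DefaultHttpHeaders.set(CharSequence, Iterator)`. Since this hunk rewrites every line of the record, the first occurrence should be corrected to `DefaultHttpHeaders.set` so that a search for the affected method finds this entry. The two `version_data` entries (`<` 4.1.86.Final and `>=` 4.1.83.Final) are also carried over as separate items. A consumer that evaluates each entry on its own could match every netty release, not just the range from 4.1.83.Final up to but not including 4.1.86.Final that the description states, so it is worth confirming how downstream matchers combine them. Both values probably originate with the assigning CNA, so the correction may belong upstream, not in this sync commit.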