mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-11 16:13:34 +00:00
Auto-Update: 2024-01-21T13:00:24.281365+00:00
This commit is contained in:
cad-safe-bot
parent
f40c7f75cf
commit
4b86e829df
@ -2,12 +2,16 @@
|
|||||||
"id": "CVE-2024-0607",
|
"id": "CVE-2024-0607",
|
||||||
"sourceIdentifier": "secalert@redhat.com",
|
"sourceIdentifier": "secalert@redhat.com",
|
||||||
"published": "2024-01-18T16:15:08.690",
|
"published": "2024-01-18T16:15:08.690",
|
||||||
"lastModified": "2024-01-18T19:25:46.623",
|
"lastModified": "2024-01-21T12:15:07.993",
|
||||||
"vulnStatus": "Awaiting Analysis",
|
"vulnStatus": "Awaiting Analysis",
|
||||||
"descriptions": [
|
"descriptions": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system."
|
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality."
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"lang": "es",
|
||||||
|
"value": "Se encontr\u00f3 una falla en el subsistema Netfilter en el kernel de Linux. El problema est\u00e1 en la funci\u00f3n nft_byteorder_eval(), donde el c\u00f3digo itera a trav\u00e9s de un bucle y escribe en la matriz `dst`. En cada iteraci\u00f3n, se escriben 8 bytes, pero `dst` es una matriz de u32, por lo que cada elemento solo tiene espacio para 4 bytes. Eso significa que cada iteraci\u00f3n sobrescribe parte del elemento anterior, lo que posiblemente lleve a una escritura fuera de los l\u00edmites. Esta falla permite que un usuario local provoque una denegaci\u00f3n de servicio o potencialmente aumente sus privilegios en el sistema."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"metrics": {
|
"metrics": {
|
||||||
@ -17,20 +21,20 @@
|
|||||||
"type": "Secondary",
|
"type": "Secondary",
|
||||||
"cvssData": {
|
"cvssData": {
|
||||||
"version": "3.1",
|
"version": "3.1",
|
||||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
|
||||||
"attackVector": "LOCAL",
|
"attackVector": "LOCAL",
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity": "LOW",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired": "LOW",
|
||||||
"userInteraction": "NONE",
|
"userInteraction": "NONE",
|
||||||
"scope": "UNCHANGED",
|
"scope": "UNCHANGED",
|
||||||
"confidentialityImpact": "HIGH",
|
"confidentialityImpact": "LOW",
|
||||||
"integrityImpact": "HIGH",
|
"integrityImpact": "LOW",
|
||||||
"availabilityImpact": "HIGH",
|
"availabilityImpact": "HIGH",
|
||||||
"baseScore": 7.8,
|
"baseScore": 6.6,
|
||||||
"baseSeverity": "HIGH"
|
"baseSeverity": "MEDIUM"
|
||||||
},
|
},
|
||||||
"exploitabilityScore": 1.8,
|
"exploitabilityScore": 1.8,
|
||||||
"impactScore": 5.9
|
"impactScore": 4.7
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -41,7 +45,7 @@
|
|||||||
"description": [
|
"description": [
|
||||||
{
|
{
|
||||||
"lang": "en",
|
"lang": "en",
|
||||||
"value": "CWE-787"
|
"value": "CWE-229"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -54,6 +58,10 @@
|
|||||||
{
|
{
|
||||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635",
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635",
|
||||||
"source": "secalert@redhat.com"
|
"source": "secalert@redhat.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63",
|
||||||
|
"source": "secalert@redhat.com"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
|||||||
### Last Repository Update
|
### Last Repository Update
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2024-01-21T11:00:24.367184+00:00
|
2024-01-21T13:00:24.281365+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||||
|
|
||||||
```plain
|
```plain
|
||||||
2024-01-21T10:15:08.337000+00:00
|
2024-01-21T12:15:07.993000+00:00
|
||||||
```
|
```
|
||||||
|
|
||||||
### Last Data Feed Release
|
### Last Data Feed Release
|
||||||
@ -34,16 +34,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
|||||||
|
|
||||||
### CVEs added in the last Commit
|
### CVEs added in the last Commit
|
||||||
|
|
||||||
Recently added CVEs: `1`
|
Recently added CVEs: `0`
|
||||||
|
|
||||||
* [CVE-2023-6531](CVE-2023/CVE-2023-65xx/CVE-2023-6531.json) (`2024-01-21T10:15:07.967`)
|
|
||||||
|
|
||||||
|
|
||||||
### CVEs modified in the last Commit
|
### CVEs modified in the last Commit
|
||||||
|
|
||||||
Recently modified CVEs: `1`
|
Recently modified CVEs: `1`
|
||||||
|
|
||||||
* [CVE-2024-0584](CVE-2024/CVE-2024-05xx/CVE-2024-0584.json) (`2024-01-21T10:15:08.337`)
|
* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-21T12:15:07.993`)
|
||||||
|
|
||||||
|
|
||||||
## Download and Usage
|
## Download and Usage
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user