mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-01-21T13:00:24.281365+00:00
This commit is contained in:
parent
f40c7f75cf
commit
4b86e829df
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-0607",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-18T16:15:08.690",
|
||||
"lastModified": "2024-01-18T19:25:46.623",
|
||||
"lastModified": "2024-01-21T12:15:07.993",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system."
|
||||
"value": "A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se encontr\u00f3 una falla en el subsistema Netfilter en el kernel de Linux. El problema est\u00e1 en la funci\u00f3n nft_byteorder_eval(), donde el c\u00f3digo itera a trav\u00e9s de un bucle y escribe en la matriz `dst`. En cada iteraci\u00f3n, se escriben 8 bytes, pero `dst` es una matriz de u32, por lo que cada elemento solo tiene espacio para 4 bytes. Eso significa que cada iteraci\u00f3n sobrescribe parte del elemento anterior, lo que posiblemente lleve a una escritura fuera de los l\u00edmites. Esta falla permite que un usuario local provoque una denegaci\u00f3n de servicio o potencialmente aumente sus privilegios en el sistema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -17,20 +21,20 @@
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
"baseScore": 6.6,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 5.9
|
||||
"impactScore": 4.7
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -41,7 +45,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
"value": "CWE-229"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -54,6 +58,10 @@
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258635",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63",
|
||||
"source": "secalert@redhat.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-01-21T11:00:24.367184+00:00
|
||||
2024-01-21T13:00:24.281365+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-01-21T10:15:08.337000+00:00
|
||||
2024-01-21T12:15:07.993000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -34,16 +34,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `1`
|
||||
Recently added CVEs: `0`
|
||||
|
||||
* [CVE-2023-6531](CVE-2023/CVE-2023-65xx/CVE-2023-6531.json) (`2024-01-21T10:15:07.967`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `1`
|
||||
|
||||
* [CVE-2024-0584](CVE-2024/CVE-2024-05xx/CVE-2024-0584.json) (`2024-01-21T10:15:08.337`)
|
||||
* [CVE-2024-0607](CVE-2024/CVE-2024-06xx/CVE-2024-0607.json) (`2024-01-21T12:15:07.993`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
Loading…
x
Reference in New Issue
Block a user