Differential D30906 Diff 91373 security/vuxml/vuln-2021.xml

Changeset View

Standalone View

security/vuxml/vuln-2021.xml

				<vuln vid="7c555ce3-658d-4589-83dd-4b6a31c5d610">
				<topic>RabbitMQ-C -- integer overflow leads to heap corruption</topic>
				<affects>
				<package>
				<name>net/rabbitmq-c</name>
				<name>net/rabbitmq-c-devel</name>
				<range><lt>0.10.0</lt></range>
				</package>
				<p>alanxz reports:</p>
				<blockquote cite="https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a">
				<p>When parsing a frame header, validate that the frame_size is less than
				or equal to INT32_MAX. Given frame_max is limited between 0 and
				INT32_MAX in amqp_login and friends, this does not change the API.
				This prevents a potential buffer overflow when a malicious client sends
				a frame_size that is close to UINT32_MAX, in which causes an overflow
				when computing state->target_size resulting in a small value there. A
				buffer is then allocated with the small amount, then memcopy copies the
				frame_size writing to memory beyond the end of the buffer.</p>
				</blockquote>
				</body>
				</description>
				<references>
				<cvename>CVE-2019-18609</cvename>
				<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18609</url>
				</references>
				<dates>
				<discovery>2019-10-29</discovery>
				<entry>2021-06-25</entry>
				</dates>
				</vuln>

	<vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716">			<vuln vid="41bc849f-d5ef-11eb-ae37-589cfc007716">
	<topic>PuppetDB -- SQL Injection</topic>			<topic>PuppetDB -- SQL Injection</topic>
	<affects>			<affects>
	<package>			<package>
	<name>puppetdb6</name>			<name>puppetdb6</name>
	<range><lt>6.17.0</lt></range>			<range><lt>6.17.0</lt></range>
	</package>			</package>
	<package>			<package>
	<name>puppetdb7</name>			<name>puppetdb7</name>
	<range><lt>7.4.1</lt></range>			<range><lt>7.4.1</lt></range>
	</package>
	</affects>			</affects>
	<description>			<description>
	<body xmlns="http://www.w3.org/1999/xhtml">			<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Puppet reports:</p>			<p>Puppet reports:</p>
	<blockquote cite="https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes">			<blockquote cite="https://puppet.com/docs/puppetdb/latest/release_notes.html#security-fixes">
	<p>Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138.</p>			<p>Fixed an issue where someone with the ability to query PuppetDB could arbitrarily write, update, or delete data CVE-2021-27021 PDB-5138.</p>
	</blockquote>			</blockquote>
	</body>			</body>
	</description>			</description>
	<references>			<references>
	<cvename>CVE-2021-27021</cvename>			<cvename>CVE-2021-27021</cvename>
	<url>https://puppet.com/security/cve/cve-2021-27021/</url>			<url>https://puppet.com/security/cve/cve-2021-27021/</url>
	<url>https://tickets.puppetlabs.com/browse/PDB-5138</url>			<url>https://tickets.puppetlabs.com/browse/PDB-5138</url>
	</references>			</references>
	<dates>			<dates>
	<discovery>2021-06-24</discovery>			<discovery>2021-06-24</discovery>
	<entry>2021-06-25</entry>
	</dates>
	</vuln>

	<vuln vid="4c9159ea-d4c9-11eb-aeee-8c164582fbac">			<vuln vid="4c9159ea-d4c9-11eb-aeee-8c164582fbac">
	<topic>Ansible -- Templating engine bug</topic>			<topic>Ansible -- Templating engine bug</topic>
	<affects>			<affects>
	<package>			<package>
	<name>py36-ansible-core</name>			<name>py36-ansible-core</name>
	<name>py37-ansible-core</name>			<name>py37-ansible-core</name>
	<name>py38-ansible-core</name>			<name>py38-ansible-core</name>
	▲ Show 20 Lines • Show All 6,423 Lines • Show Last 20 Lines