ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

Some vulnerabilities are not fixed since 2020 #2089

Closed r3bb1t closed 11 months ago

r3bb1t commented 1 year ago

In 2020, several bugs were found by cpu.

Half of them have been fixed, but some vulnerabilities remain unchanged.

Please fix the following vulnerabilities or at least give any workarounds:

Reference: https://github.com/ossec/ossec-hids/issues/1821

C3dar commented 1 year ago

It looks like CVE 2020-8444 was fixed.

https://github.com/ossec/ossec-hids/pull/1825

r3bb1t commented 1 year ago

It looks like CVE 2020-8444 was fixed.

1825

I believe it fixed CVE-2020-8442, not the CVE 2020-8444

cpu commented 1 year ago

I believe it fixed https://github.com/advisories/GHSA-249h-cc9x-grm3, not the CVE 2020-8444

That's correct.

atomicturtle commented 11 months ago

Merging this with the open issues for de-duplication; see PR#2092 and PR#2094.