splunk / docker-splunk

Splunk Docker GitHub Repository

Release Another Distro To Publish Images or Remediate CVE's #576

Open dpericaxon opened 1 year ago

dpericaxon commented 1 year ago
Hello! The base image that's being leveraged currently is redhat-RHEL8 and comes with numerous CVEs. We were wondering if it would be possible to use a different base image or if there was a lighter image available? Or is it possible to remediate these CVEs by bumping the OS version? Here are the CVEs:

| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0286 | high | cryptography | | 3.3.2 | BSD or Apache License, Version 2.0 | fixed in 39.0.1 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23931 | medium | cryptography | | 3.3.2 | BSD or Apache License, Version 2.0 | fixed in 39.0.1 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | PRISMA-2022-0168 | high | pip | | 9.0.3 | MIT | open | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. This vulnerability was first assigned with CVE-2018-20225, but it is still under dispute. However, this vulnerability still poses a threat when using the --extra-index-url. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf-pkg-config | | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3715 | moderate | bash | | 4.4.20-4.el8_6 | GPLv3+ | affected | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43552 | low | libcurl | | 7.61.1-25.el8_7.2 | MIT | affected | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43995 | important | sudo | | 1.8.29-8.el8_7.1 | ISC | under investigation | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2017-14501 | low | libarchive | | 3.3.3-4.el8 | BSD | affected | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4304 | moderate | openssl-libs | | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23916 | moderate | libcurl | | 7.61.1-25.el8_7.2 | MIT | affected | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-35252 | low | curl | | 7.61.1-25.el8_7.2 | MIT | affected | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35937 | moderate | rpm | | 4.14.3-24.el8_7 | GPLv2+ | affected | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-44568 | low | libsolv | | 0.7.20-4.el8_7 | BSD | affected | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35938 | moderate | rpm | | 4.14.3-24.el8_7 | GPLv2+ | affected | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | important | python3-libs | | 3.6.8-48.el8_7.1 | Python | under investigation | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35938 | moderate | rpm-libs | | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0361 | moderate | gnutls | | 3.6.16-5.el8_6 | GPLv3+ and LGPLv2+ | affected | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0054 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35939 | moderate | rpm-libs | | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2206 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4293 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4450 | moderate | openssl-libs | | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as th |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf | | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | important | platform-python | | 3.6.8-48.el8_7.1 | Python | under investigation | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
dpericaxon commented 1 year ago
Continued:

| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-36227 | low | libarchive | | 3.3.3-4.el8 | BSD | affected | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-1127 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-47024 | moderate | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0286 | moderate | openssl-libs | | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0215 | moderate | openssl-libs | | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_newPKCS7, i2d |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | libpkgconf | | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf-m4 | | 1.4.2-1.el8 | GPLv2+ with exceptions | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgcc | | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-35252 | low | libcurl | | 7.61.1-25.el8_7.2 | MIT | affected | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43552 | low | curl | | 7.61.1-25.el8_7.2 | MIT | affected | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0512 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-27320 | moderate | sudo | | 1.8.29-8.el8_7.1 | ISC | under investigation | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35939 | moderate | rpm | | 4.14.3-24.el8_7 | GPLv2+ | affected | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libstdc++ | | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2175 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0433 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35937 | moderate | rpm-libs | | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23916 | moderate | curl | | 7.61.1-25.el8_7.2 | MIT | affected | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2208 | low | vim-minimal | | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2017-14166 | low | libarchive | | 3.3.3-4.el8 | BSD | affected | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgomp | | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42381 | high | busybox | | 1.28.1 | | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000517 | critical | busybox | | 1.28.1 | | fixed in 1.29.0 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42374 | medium | busybox | | 1.28.1 | | fixed in 1.33.2 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42379 | high | busybox | | 1.28.1 | | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000500 | high | busybox | | 1.28.1 | | fixed in 1.32.0 | Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via simply downloading any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42378 | high | busybox | | 1.28.1 | | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42385 | high | busybox | | 1.28.1 | | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
dpericaxon commented 1 year ago
Continued: Repository Tag Distro CVE ID Severity Packages Source Package Package Version Package License Fix Status Description
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-42386 high busybox 1.28.1 fixed in 1.33.2 A use-after-free in Busybox\'s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2018-20679 high busybox 1.28.1 fixed in 1.30.0 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-42376 medium busybox 1.28.1 fixed in 1.34.0 A NULL pointer dereference in Busybox\'s hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-42384 high busybox 1.28.1 fixed in 1.33.2 A use-after-free in Busybox\'s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2019-5747 high busybox 1.28.1 fixed in 1.30.1 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-42382 high busybox 1.28.1 fixed in 1.33.2 A use-after-free in Busybox\'s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-28391 high busybox 1.28.1 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\'s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\'s colors.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-42380 high busybox 1.28.1 fixed in 1.33.2 A use-after-free in Busybox\'s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-3737 high python 3.7.10 fixed in 3.9.6, 3.8.11, 3.7.11,... A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-0391 high python 3.7.10 fixed in 3.9.5, 3.8.11, 3.7.11,... A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like \'\r\' and \'\n\' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2016-3189 medium python 3.7.10 fixed in 3.10.3, 3.9.11, 3.8.13,... Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2018-25032 high python 3.7.10 fixed in 1.2.12 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-3733 medium python 3.7.10 fixed in 3.9.5, 3.8.10, 3.7.11,... There\'s a flaw in urllib\'s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2019-12900 critical python 3.7.10 fixed in 3.10.3, 3.9.11, 3.8.13,... BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2015-20107 high python 3.7.10 fixed in 3.10.8 In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-42919 high python 3.7.10 fixed in 3.10.9, 3.9.16 Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2023-24329 high python 3.7.10 fixed in 3.11 An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2020-10735 high python 3.7.10 fixed in 3.10.7, 3.9.14, 3.8.14,... A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2021-4189 medium python 3.7.10 fixed in 3.9.3, 3.8.9, 3.7.11,... A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-45061 high python 3.7.10 fixed in 3.10.9, 3.9.16, 3.8.16,... An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
splunk/universalforwarder 8.2.10 redhat-RHEL8 Private keys stored in image high Private keys stored in image
dpericaxon commented 1 year ago
Repository Tag Distro CVE ID Severity Packages Source Package Package Version Package License Fix Status Description
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2023-26604 OS systemd-libs 239-68.el8_7.4 LGPLv2+ and MIT affected systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-3491 OS vim-minimal 8.0.1763-19.el8_6.4 Vim and MIT under investigation Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-3234 OS vim-minimal 8.0.1763-19.el8_6.4 Vim and MIT under investigation Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
splunk/universalforwarder 8.2.10 redhat-RHEL8 CVE-2022-47024 OS vim-minimal 8.0.1763-19.el8_6.4 Vim and MIT under investigation A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.