ALT-BU-2022-4190-1
Branch p10_e2k update bulletin.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Package php7-openssl updated to version 7.4.28-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Package php7-pdo_mysql updated to version 7.4.28-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Package php7-pgsql updated to version 7.4.28-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Package php7-opcache updated to version 7.4.28-alt1.1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Package php7-xmlrpc updated to version 7.4.28-alt1 for branch p10_e2k.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
BDU:2022-05350
Уязвимость функции php_filter_float() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-0581
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0581.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0581.json
- https://gitlab.com/wireshark/wireshark/-/issues/17935
- https://gitlab.com/wireshark/wireshark/-/issues/17935
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-05.html
- https://www.wireshark.org/security/wnpa-sec-2022-05.html
Modified: 2024-11-21
CVE-2022-0582
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json
- https://gitlab.com/wireshark/wireshark/-/issues/17882
- https://gitlab.com/wireshark/wireshark/-/issues/17882
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-04.html
- https://www.wireshark.org/security/wnpa-sec-2022-04.html
Modified: 2024-11-21
CVE-2022-0583
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json
- https://gitlab.com/wireshark/wireshark/-/issues/17840
- https://gitlab.com/wireshark/wireshark/-/issues/17840
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-03.html
- https://www.wireshark.org/security/wnpa-sec-2022-03.html
Modified: 2024-11-21
CVE-2022-0585
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-02.html
- https://www.wireshark.org/security/wnpa-sec-2022-02.html
Modified: 2024-11-21
CVE-2022-0586
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json
- https://gitlab.com/wireshark/wireshark/-/issues/17813
- https://gitlab.com/wireshark/wireshark/-/issues/17813
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-01.html
- https://www.wireshark.org/security/wnpa-sec-2022-01.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-45386
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c
Modified: 2024-11-21
CVE-2021-45387
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.