2025-01-18
ALT-BU-2025-1494-1
Branch c10f2 update bulletin.
Closed vulnerabilities
Published: 2021-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-31811
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- [oss-security] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [oss-security] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [ofbiz-notifications] 20210613 [jira] [Commented] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Commented] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release17.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release17.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch trunk updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch trunk updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-notifications] 20210613 [jira] [Created] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Created] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Closed] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Closed] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release18.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release18.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E
- https://lists.apache.org/thread.html/re3bd16f0cc8f1fbda46b06a4b8241cd417f71402809baa81548fc20e%40%3Cusers.pdfbox.apache.org%3E
- [pdfbox-users] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [pdfbox-users] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [announce] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [announce] 20210612 CVE-2021-31811: Apache PDFBox: A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
- [ofbiz-notifications] 20210613 [jira] [Updated] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Updated] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- FEDORA-2021-4a9ead5fff
- FEDORA-2021-4a9ead5fff
- FEDORA-2021-3d94c14be4
- FEDORA-2021-3d94c14be4
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Published: 2021-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-31812
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- [oss-security] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [oss-security] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [ofbiz-notifications] 20210613 [jira] [Commented] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Commented] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release17.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release17.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch trunk updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch trunk updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-notifications] 20210613 [jira] [Created] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Created] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E
- https://lists.apache.org/thread.html/ra2ab0ce69ce8aaff0773b8c1036438387ce004c2afc6f066626e205e%40%3Cusers.pdfbox.apache.org%3E
- [pdfbox-users] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [pdfbox-users] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [ofbiz-notifications] 20210613 [jira] [Closed] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Closed] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release18.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [ofbiz-commits] 20210613 [ofbiz-framework] branch release18.12 updated: Fixed: Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812 (OFBIZ-12256)
- [announce] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [announce] 20210612 CVE-2021-31812: Apache PDFBox: A carefully crafted PDF file can trigger an infinite loop while loading the file
- [ofbiz-notifications] 20210613 [jira] [Updated] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- [ofbiz-notifications] 20210613 [jira] [Updated] (OFBIZ-12256) Update PDFBox to 2.0.24 because of CVE-2021-31811 & CVE-2021-31812
- FEDORA-2021-4a9ead5fff
- FEDORA-2021-4a9ead5fff
- FEDORA-2021-3d94c14be4
- FEDORA-2021-3d94c14be4
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Closed vulnerabilities
Published: 2024-06-28
BDU:2024-07005
Уязвимость реализации сетевого протокола аутентификации Kerberos 5, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2024-06-28
BDU:2024-07016
Уязвимость реализации сетевого протокола аутентификации Kerberos 5, связанная с недостаточной проверкой входных данных, позволяющая нарушителю получить несанкционированный доступ к токену-оболочки GSS krb5
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2024-06-29
Modified: 2025-03-13
Modified: 2025-03-13
CVE-2024-37370
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
- https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
- https://security.netapp.com/advisory/ntap-20241108-0007/
- https://web.mit.edu/kerberos/www/advisories/
- https://web.mit.edu/kerberos/www/advisories/
Published: 2024-06-29
Modified: 2025-03-14
Modified: 2025-03-14
CVE-2024-37371
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
- https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
- https://security.netapp.com/advisory/ntap-20241108-0009/
- https://web.mit.edu/kerberos/www/advisories/
- https://web.mit.edu/kerberos/www/advisories/