ALT-PU-2022-1620-2
Package dotnet-runtime-5.0 updated to version 5.0.15-alt1 for branch sisyphus in task 297728.
Closed vulnerabilities
Published: 2021-03-30
Modified: 2025-12-02
Modified: 2025-12-02
BDU:2021-01775
Уязвимость алгоритма сжатия данных Brotli, связанная с недостатком механизма проверки размера копируемых данных, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
References:
Published: 2022-09-05
Modified: 2025-07-31
Modified: 2025-07-31
BDU:2022-05515
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework, связанная c некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2022-09-05
Modified: 2025-07-31
Modified: 2025-07-31
BDU:2022-05516
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2020-09-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-8927
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References:
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
- https://github.com/google/brotli/releases/tag/v1.0.9
- https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
- https://usn.ubuntu.com/4568-1/
- https://www.debian.org/security/2020/dsa-4801
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
- https://github.com/google/brotli/releases/tag/v1.0.9
- https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
- https://usn.ubuntu.com/4568-1/
- https://www.debian.org/security/2020/dsa-4801
Published: 2022-03-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-24464
.NET and Visual Studio Denial of Service Vulnerability
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-03-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-24512
.NET and Visual Studio Remote Code Execution Vulnerability
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2022-05-24
Modified: 2024-09-16
Modified: 2024-09-16
GHSA-5v8v-66v8-mwm7
Integer overflow in the bundled Brotli C library
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8927
- https://github.com/bitemyapp/brotli2-rs/issues/45
- https://github.com/github/advisory-database/issues/785
- https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
- https://www.debian.org/security/2020/dsa-4801
- https://usn.ubuntu.com/4568-1
- https://rustsec.org/advisories/RUSTSEC-2021-0132.html
- https://rustsec.org/advisories/RUSTSEC-2021-0131.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH
- https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html
- https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml
- https://github.com/google/brotli/releases/tag/v1.0.9
- https://github.com/google/brotli/releases/tag/v1.0.8
- https://github.com/bitemyapp/brotli2-rs
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html
Published: 2022-10-19
Modified: 2024-04-22
Modified: 2024-04-22
GHSA-c6w8-7mp3-34j9
.NET Remote Code Execution Vulnerability
Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
- https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
- https://nvd.nist.gov/vuln/detail/CVE-2022-24512
- https://github.com/dotnet/announcements/issues/213
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
Published: 2022-10-21
GHSA-cw98-9j8w-wxv9
.NET Denial of Service Vulnerability
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9
- https://nvd.nist.gov/vuln/detail/CVE-2022-24464
- https://github.com/dotnet/announcements/issues/212
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464