OL CVE Issue Summary:
Web cache poisoning via urllib.parse.parse_qsl and parse_qs. Attackers can use semicolons (;) in query parameters ("parameter cloaking") to cause proxies and servers to interpret requests differently, potentially allowing malicious requests to be cached as safe ones.
OL CVE Issue Summary:CGI::Cookie.parse mishandles security prefixes in cookie names. This also affects the CGI gem.
OL CVE Issue Summary:
A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the serialNumberAndIssuerCheck and serialNumberAndIssuerSerialCheck functions in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the authzPrettyNormal function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the slap_free_ctrls function in controls.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the authzPrettyNormal function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the dnPretty function in dn.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the slap_parse_user function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the certificateListExactNormalize function in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the issuerAndThisUpdateCheck function in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the slap_bv2undef_ad function in ad.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element,resulting in denial of service.
OL CVE Issue Summary:
A flaw was discovered in OpenLDAP before 2.4.57 leading to integer underflow in slapd in the serialNumberAndIssuerCheck and serialNumberAndIssuerSerialCheck functions in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to assertion failures in slapd in the authzPrettyNormal function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the slap_free_ctrls function in controls.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to invalid pointer access in slapd in the authzPrettyNormal function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free in slapd in the dnPretty function in dn.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the slap_parse_user function in saslauthz.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to an integer underflow in slapd in the certificateListExactNormalize function in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a crash in slapd in the issuerAndThisUpdateCheck function in schema_init.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to a segmentation fault in slapd in the slap_bv2undef_ad function in ad.c, resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
OL CVE Issue Summary:
xmlSnprintfElementContent() in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then
(i) the content->prefix is appended to buf (if it actually fits)
whereupon:
(ii)content->name is written to the buffer
However, the check is whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows writing about "size" many bytes beyond the allocated memory.
OL CVE Issue Summary:
xmlSnprintfElementContent() in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then
(i) the content->prefix is appended to buf (if it actually fits)
whereupon:
(ii)content->name is written to the buffer
However, the check is whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows writing about "size" many bytes beyond the allocated memory.
OL CVE Issue Summary:
The issue involves incorrect backtracking in Python's urllib.request.AbstractBasicAuthHandler, which allows a Regular Expression Denial-of-Service (ReDoS) attack. A regex with nested quantifiers in http_error_auth_reqed() fails to efficiently handle maliciously long sequences of commas in the WWW-Authenticate header. When a server sends a crafted WWW-Authenticate header filled with excessive commas, the regex triggers catastrophic backtracking, causing the client to hang or crash.
OL CVE Issue Summary:
CVE-2021-38185 is a critical integer overflow vulnerability in GNU's cpio(versions up to 2.13). The flaw exists in dstring.c:ds_fgetstr().
The vulnerability is triggered when cpio processes a maliciously crafted pattern file via the -E option. The integer overflow occurs during memory allocation for a string, leading to an out-of-bounds heapwrite, which can be leveraged for arbitrary code execution.
OL CVE Issue Summary:
When g_byte_array_new_take() is called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
Learn about Tomcat patching, including how to apply patches and best practices to ensure your Tomcat builds are always patched against the latest CVEs.
