Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:

Compact

Detailed

Permalink CVE-2023-4256

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

References

RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHBZ#2255212 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/appneta/tcpreplay/issues/813 x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHBZ#2255212 issue-tracking x_refsource_REDHAT
https://github.com/appneta/tcpreplay/issues/813
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHBZ#2255212 issue-tracking x_refsource_REDHAT x_transferred
https://github.com/appneta/tcpreplay/issues/813 x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred

Affected products

tcpreplay

Matching in nixpkgs

pkgs.tcpreplay

Suite of utilities for editing and replaying network traffic

nixos-unstable -
- nixpkgs-unstable 4.5.2

Package maintainers

@proteansec Dejan Lukan <dejan@proteansec.com>

Permalink CVE-2023-5764

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 6 months ago

Ansible: template injection

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.

References

RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.netapp.com/advisory/ntap-20241025-0001/
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.netapp.com/advisory/ntap-20241025-0001/
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.netapp.com/advisory/ntap-20241025-0001/
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5764 x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT
RHSA-2023:7773 vendor-advisory x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-5764 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2247629 issue-tracking x_refsource_REDHAT x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://security.netapp.com/advisory/ntap-20241025-0001/

Affected products

ansible

ansible-core

Matching in nixpkgs

pkgs.ansible-cmdb

Generate host overview from ansible fact gathering output

nixos-unstable -
- nixpkgs-unstable 1.31

pkgs.ansible-lint

Best practices checker for Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.2

pkgs.ansible_2_16

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.16.14

pkgs.ansible_2_17

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.17.8

pkgs.ansible_2_18

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.18.8

pkgs.ansible_2_19

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.ansible-doctor

Annotation based documentation for your Ansible roles

nixos-unstable -
- nixpkgs-unstable 7.2.0

pkgs.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.ansible-navigator

Text-based user interface (TUI) for Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.ansible-language-server

Ansible Language Server

nixos-unstable -
- nixpkgs-unstable 1.2.1

pkgs.python312Packages.ansible

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 11.9.0

pkgs.python313Packages.ansible

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 11.9.0

pkgs.terraform-providers.ansible

None

nixos-unstable -
- nixpkgs-unstable 1.0.4

pkgs.python312Packages.ansible-core

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.python313Packages.ansible-core

Radically simple IT automation

nixos-unstable -
- nixpkgs-unstable 2.19.2

pkgs.python312Packages.ansible-compat

Function collection that help interacting with various versions of Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python312Packages.ansible-kernel

Ansible kernel for Jupyter

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python312Packages.ansible-runner

Helps when interfacing with Ansible

nixos-unstable -
- nixpkgs-unstable 2.4.1

pkgs.python312Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.python313Packages.ansible-compat

Function collection that help interacting with various versions of Ansible

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python313Packages.ansible-kernel

Ansible kernel for Jupyter

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.ansible-runner

Helps when interfacing with Ansible

nixos-unstable -
- nixpkgs-unstable 2.4.1

pkgs.python313Packages.pytest-ansible

Plugin for pytest to simplify calling ansible modules from tests or fixtures

nixos-unstable -
- nixpkgs-unstable 25.8.0

pkgs.vscode-extensions.redhat.ansible

Ansible language support

nixos-unstable -
- nixpkgs-unstable 25.8.1

pkgs.python312Packages.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.python313Packages.ansible-builder

Ansible execution environment builder

nixos-unstable -
- nixpkgs-unstable 3.1.0

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.python312Packages.ansible-vault-rw

This project aim to R/W an ansible-vault yaml file

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.python313Packages.ansible-vault-rw

This project aim to R/W an ansible-vault yaml file

nixos-unstable -
- nixpkgs-unstable 2.1.0

pkgs.python312Packages.jinja2-ansible-filters

Jinja2 Ansible Filters

nixos-unstable -
- nixpkgs-unstable jinja2-ansible-filters-1.3.2

pkgs.python313Packages.jinja2-ansible-filters

Jinja2 Ansible Filters

nixos-unstable -
- nixpkgs-unstable jinja2-ansible-filters-1.3.2

Package maintainers

@robsliwi Robert Sliwinski <r@sliwi.org>
@HarisDotParis Haris <git@haris.paris>
@Melkor333 Samuel Ruprecht <samuel@ton-kunst.ch>
@tie Ivan Trubach <mr.trubach@icloud.com>
@tboerger Thomas Boerger <thomas@webhippie.de>
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@sengaya Thilo Uttendorfer <tlo@sengaya.de>
@dawidd6 Dawid Dziurla <dawidd0811@gmail.com>
@geluk Johan Geluk <johan+nix@geluk.io>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@StillerHarpo Florian Engel <engelflorian@posteo.de>
@tjni Theodore Ni <43ngvg@masqt.com>
@TheMaxMur Maxim Muravev <muravjev.mak@yandex.ru>

Permalink CVE-2023-4255

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.