Log

AVG-2847 edited at 24 Oct 2023 14:23:16
Severity
- Unknown
+ Critical
CVE-2023-45853 edited at 24 Oct 2023 14:23:16
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.
References
Notes
AVG-2847 created at 24 Oct 2023 14:22:35
Packages
+ minizip
Issues
+ CVE-2023-45853
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1:1.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2023/10/20/9
Notes
CVE-2023-45853 created at 24 Oct 2023 14:22:35
AVG-1760 edited at 16 Oct 2023 23:51:02
Status
- Vulnerable
+ Unknown
AVG-2846 created at 11 Oct 2023 09:12:55
Packages
+ lib32-curl
+ lib32-libcurl-compat
+ lib32-libcurl-gnutls
Issues
+ CVE-2023-38545
+ CVE-2023-38546
Status
+ Fixed
Severity
+ High
Affected
+ 8.3.0-1
Fixed
+ 8.4.0-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2845 created at 11 Oct 2023 09:12:24
Packages
+ curl
+ libcurl-compat
+ libcurl-gnutls
Issues
+ CVE-2023-38545
+ CVE-2023-38546
Status
+ Fixed
Severity
+ High
Affected
+ 8.3.0-1
Fixed
+ 8.4.0-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2023-38546 created at 11 Oct 2023 09:09:42
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ A logic flaw has been found in cURL before 8.4.0, which allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met.
References
+ https://curl.se/docs/CVE-2023-38546.html
+ https://github.com/curl/curl/commit/61275672b46d9abb32857404
Notes
CVE-2023-38545 edited at 11 Oct 2023 09:07:24
References
https://curl.se/docs/CVE-2023-38545.html
+ https://github.com/curl/curl/commit/fb4415d8aee6c1
CVE-2023-38545 created at 11 Oct 2023 09:06:20
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap-based buffer overflow has been found in the SOCKS5 proxy handshake component of cURL before 8.4.0.
References
+ https://curl.se/docs/CVE-2023-38545.html
Notes
AVG-2844 created at 10 Oct 2023 06:25:20
Packages
+ libcue
Issues
+ CVE-2023-43641
Status
+ Fixed
Severity
+ Critical
Affected
+ 2.2.1-3
Fixed
+ 2.2.1-4
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2023-43641 created at 10 Oct 2023 06:24:58
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out-of-bounds array access has been found in libcue <= 2.21, leading to arbitrary code execution while parsing a file.
References
+ https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
Notes