Log

AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-30522 created at 08 Jun 2022 11:05:02
AVG-2763 created at 08 Jun 2022 11:05:02
Packages
+ apache
Issues
+ CVE-2022-26377
+ CVE-2022-28330
+ CVE-2022-28614
+ CVE-2022-28615
+ CVE-2022-29404
+ CVE-2022-30522
+ CVE-2022-30556
+ CVE-2022-31813
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.4.53-1
Fixed
+ 2.4.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2022-26377 created at 08 Jun 2022 11:05:02
AVG-2762 edited at 08 Jun 2022 10:40:49
Notes
+ the linked mail is followed by 30 mails with the patches
AVG-2762 edited at 08 Jun 2022 10:36:09
References
- https://seclists.org/oss-sec/2022/q2/178
+ https://lists.gnu.org/archive/html/grub-devel/2022-06/msg00035.html
CVE-2022-28737 edited at 08 Jun 2022 10:34:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables. The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
References
Notes
CVE-2022-28736 edited at 08 Jun 2022 10:23:27
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ There's a use-after-free vulnerability in grub_cmd_chainloader() function. The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
References
Notes
CVE-2022-28735 edited at 08 Jun 2022 10:21:52
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
References
Notes
CVE-2022-28734 edited at 08 Jun 2022 10:20:26
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Description
+ When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata.
References
Notes
CVE-2022-28733 edited at 08 Jun 2022 10:18:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
References
Notes
CVE-2021-3697 edited at 08 Jun 2022 10:16:41
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user controlled data to be written in heap. To be successfully performed the attacker needs to do some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention.
References
Notes