vuln-list-alt/oval/c10f2/ALT-PU-2024-3888/definitions.json
2024-04-16 14:26:14 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20243888",
"Version": "oval:org.altlinux.errata:def:20243888",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-3888: package `connman` update to version 1.42-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f2"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-3888",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-3888",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-07359",
"RefURL": "https://bdu.fstec.ru/vul/2022-07359",
"Source": "BDU"
},
{
"RefID": "BDU:2022-07360",
"RefURL": "https://bdu.fstec.ru/vul/2022-07360",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03868",
"RefURL": "https://bdu.fstec.ru/vul/2023-03868",
"Source": "BDU"
},
{
"RefID": "CVE-2022-32292",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32292",
"Source": "CVE"
},
{
"RefID": "CVE-2022-32293",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-32293",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28488",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28488",
"Source": "CVE"
}
],
"Description": "This update upgrades connman to version 1.42-alt1. \nSecurity Fix(es):\n\n * BDU:2022-07359: Уязвимость реализации поддержки WISPR диспетчера соединений Connman, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * BDU:2022-07360: Уязвимость компонента gweb диспетчера соединений Connman, связанная с записью за границами выделенного диапазона памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03868: Уязвимость компонента client.c диспетчера соединений ConnMan, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-32292: In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.\n\n * CVE-2022-32293: In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.\n\n * CVE-2023-28488: client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-03-13"
},
"Updated": {
"Date": "2024-03-13"
},
"BDUs": [
{
"ID": "BDU:2022-07359",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-07359",
"Impact": "High",
"Public": "20220803"
},
{
"ID": "BDU:2022-07360",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-07360",
"Impact": "Critical",
"Public": "20220803"
},
{
"ID": "BDU:2023-03868",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2023-03868",
"Impact": "Low",
"Public": "20230411"
}
],
"CVEs": [
{
"ID": "CVE-2022-32292",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32292",
"Impact": "Critical",
"Public": "20220803"
},
{
"ID": "CVE-2022-32293",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-32293",
"Impact": "High",
"Public": "20220803"
},
{
"ID": "CVE-2023-28488",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28488",
"Impact": "Low",
"Public": "20230412"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20243888001",
"Comment": "connman is earlier than 0:1.42-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243888002",
"Comment": "connman-devel is earlier than 0:1.42-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20243888003",
"Comment": "connman-docs is earlier than 0:1.42-alt1"
}
]
}
]
}
}
]
}