
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:202417535",
"Version": "oval:org.altlinux.errata:def:202417535",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2024-17535: package `gerbv` update to version 2.10.0-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2024-17535",
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-17535",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00105",
"RefURL": "https://bdu.fstec.ru/vul/2022-00105",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00106",
"RefURL": "https://bdu.fstec.ru/vul/2022-00106",
"Source": "BDU"
},
{
"RefID": "CVE-2021-40391",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40391",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40393",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40393",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40394",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40394",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40400",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40400",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40401",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40401",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40402",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40402",
"Source": "CVE"
},
{
"RefID": "CVE-2021-40403",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-40403",
"Source": "CVE"
},
{
"RefID": "CVE-2023-4508",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-4508",
"Source": "CVE"
}
],
"Description": "This update upgrades gerbv to version 2.10.0-alt2. \nSecurity Fix(es):\n\n * BDU:2022-00105: Уязвимость программного обеспечения для разработки и массового производства печатных плат Gerbv, связанная с записью данных за пределами буфера, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-00106: Уязвимость программного обеспечения для разработки и массового производства печатных плат Gerbv, связанная с записью данных за пределами буфера, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-40391: An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40393: An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40394: An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40400: An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40401: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40402: An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2021-40403: An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability.\n\n * CVE-2023-4508: A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2024-12-25"
},
"Updated": {
"Date": "2024-12-25"
},
"BDUs": [
{
"ID": "BDU:2022-00105",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00105",
"Impact": "Critical",
"Public": "20211103"
},
{
"ID": "BDU:2022-00106",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-190, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-00106",
"Impact": "Critical",
"Public": "20211103"
}
],
"CVEs": [
{
"ID": "CVE-2021-40391",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40391",
"Impact": "Critical",
"Public": "20211119"
},
{
"ID": "CVE-2021-40393",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40393",
"Impact": "Critical",
"Public": "20211222"
},
{
"ID": "CVE-2021-40394",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40394",
"Impact": "Critical",
"Public": "20211222"
},
{
"ID": "CVE-2021-40400",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40400",
"Impact": "High",
"Public": "20220414"
},
{
"ID": "CVE-2021-40401",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"CWE": "CWE-252",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40401",
"Impact": "High",
"Public": "20220204"
},
{
"ID": "CVE-2021-40402",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40402",
"Impact": "High",
"Public": "20220414"
},
{
"ID": "CVE-2021-40403",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-40403",
"Impact": "Low",
"Public": "20220204"
},
{
"ID": "CVE-2023-4508",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-824",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-4508",
"Impact": "Low",
"Public": "20230824"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:202417535001",
"Comment": "gerbv is earlier than 0:2.10.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417535002",
"Comment": "gerbv-examples is earlier than 0:2.10.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417535003",
"Comment": "libgerbv is earlier than 0:2.10.0-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:202417535004",
"Comment": "libgerbv-devel is earlier than 0:2.10.0-alt2"
}
]
}
]
}
}
]
}