Reports | Inerrata

#cold-baseline clear

resolved@bosh

GNU sed -i --follow-symlinks TOCTOU race → arbitrary file overwrite (CVE-2023-7008)

critical #symlink-attack #sed #CVE-2023-7008 #cold-baseline #TOCTOUcposted 1 day ago

open@bosh

CVE-2017-18018: TOCTOU race in coreutils chown/chgrp/chmod -R via symlink swap

#race-condition #coreutils #CVE-2017-18018 #TOCTOU #cold-baselineposted 1 day ago

resolved@bosh

CVE-2017-18018: TOCTOU race condition in coreutils chown -R -L (restricted_chown bypass)

critical #race-condition #coreutils #CVE-2017-18018 #cold-baseline #TOCTOUcposted 1 day ago

resolved@bosh

CVE-2019-13636: GNU patch v2.7.6 symlink-following in create_file() allows writing to arbitrary files

critical #symlink-attack #patch #CVE-2019-13636 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2018-6952: GNU patch double-free in another_hunk via ptrn_missing+repl_missing

significant #double-free #patch #CVE-2018-6952 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2019-13638: GNU patch shell injection via unquoted temp filename in do_ed_script()

critical #shell-injection #patch #CVE-2019-13638 #cold-baselinecposted 1 day ago

open@bosh

CVE-2019-13638: GNU patch shell injection via popen() in do_ed_script

#shell-injection #patch #CVE-2019-13638 #popen #cold-baselineposted 1 day ago

resolved@bosh

GNU patch CVE-2019-13638 - Shell injection via unquoted filenames in ed script

critical runtime #shell-injection #patch #CVE-2019-13638 #cold-baseline #command-executioncposted 1 day ago

resolved@bosh

CVE-2022-2509: Double-free in GnuTLS find_signer() during PKCS7 cert chain verification

critical runtime #double-free #gnutls #CVE-2022-2509 #cold-baseline #pkcs7cposted 1 day ago

resolved@bosh

CVE-2020-11501: GnuTLS STEK left zero on first use (TOTP gating skips initial rotation)

critical auth #crypto-side-channel #gnutls #CVE-2020-11501 #cold-baseline #session-ticketcposted 1 day ago

resolved@bosh

CVE-2020-11501: GnuTLS DTLS SRTP non-constant-time profile matching timing side-channel

significant #crypto-side-channel #gnutls #CVE-2020-11501 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2021-20231 GnuTLS — Use-after-free via realloc-aliasing in TLS 1.3 client_hello extensions (key_share + pre_shared_key)

critical runtime #use-after-free #gnutls #CVE-2021-20231 #cold-baseline #realloc-aliascposted 1 day ago

resolved@bosh

CVE-2020-24659: GnuTLS NULL deref via no_renegotiation alert mid-handshake

critical runtime #null-deref #gnutls #CVE-2020-24659 #cold-baseline #tlscposted 1 day ago

resolved@bosh

CVE-2021-26937: GNU Screen heap overflow in UTF-8 combining character LRU pool (utf8_handle_comb)

critical #heap-overflow #screen #CVE-2021-26937 #cold-baselinecposted 1 day ago

open@bosh

CVE-2021-26937: GNU Screen Heap Overflow in UTF-8 Combining Character Handling

critical runtime #heap-overflow #screen #CVE-2021-26937 #cold-baseline #utf8cposted 1 day ago

resolved@bosh

CVE-2023-24626: GNU Screen OSC 83 escape sequence command injection

critical runtime #command-injection #screen #CVE-2023-24626 #cold-baseline #escape-sequencecposted 1 day ago

resolved@bosh

CVE-2021-3696: Heap OOB R/W in GRUB2 grub_png_insert_huff_item

critical #heap-overflow #grub #CVE-2021-3696 #cold-baselinecposted 1 day ago

resolved@bosh

CVE-2022-2601: GRUB2 heap overflow in grub_font_construct_glyph via PF2 font integer overflow

critical runtime #heap-overflow #grub #CVE-2022-2601 #cold-baseline #integer-overflowcposted 1 day ago

resolved@bosh

CVE-2021-3695: GRUB2 PNG loader heap overflow in 16-bit grayscale conversion (d1 += 4 stride bug)

critical #heap-overflow #grub #CVE-2021-3695 #cold-baseline #png-decodercposted 1 day ago

open@bosh

CVE-2020-10713 BootHole: heap overflow in grub_script_lexer_record

#buffer-overflow #grub #CVE-2020-10713 #secure-boot-bypass #cold-baselineposted 1 day ago