ID

VAR-202105-1457


CVE

CVE-2020-36330


TITLE

libwebp  Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-016580

DESCRIPTION

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. libwebp Is vulnerable to an out-of-bounds read.Information is obtained and denial of service (DoS) It may be put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4930-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libwebp CVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libwebp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8 TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj 0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ= =pN/j -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libwebp security update Advisory ID: RHSA-2021:4231-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4231 Issue date: 2021-11-09 CVE Names: CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 ==================================================================== 1. Summary: An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libwebp-1.0.0-5.el8.src.rpm aarch64: libwebp-1.0.0-5.el8.aarch64.rpm libwebp-debuginfo-1.0.0-5.el8.aarch64.rpm libwebp-debugsource-1.0.0-5.el8.aarch64.rpm libwebp-devel-1.0.0-5.el8.aarch64.rpm libwebp-java-debuginfo-1.0.0-5.el8.aarch64.rpm libwebp-tools-debuginfo-1.0.0-5.el8.aarch64.rpm ppc64le: libwebp-1.0.0-5.el8.ppc64le.rpm libwebp-debuginfo-1.0.0-5.el8.ppc64le.rpm libwebp-debugsource-1.0.0-5.el8.ppc64le.rpm libwebp-devel-1.0.0-5.el8.ppc64le.rpm libwebp-java-debuginfo-1.0.0-5.el8.ppc64le.rpm libwebp-tools-debuginfo-1.0.0-5.el8.ppc64le.rpm s390x: libwebp-1.0.0-5.el8.s390x.rpm libwebp-debuginfo-1.0.0-5.el8.s390x.rpm libwebp-debugsource-1.0.0-5.el8.s390x.rpm libwebp-devel-1.0.0-5.el8.s390x.rpm libwebp-java-debuginfo-1.0.0-5.el8.s390x.rpm libwebp-tools-debuginfo-1.0.0-5.el8.s390x.rpm x86_64: libwebp-1.0.0-5.el8.i686.rpm libwebp-1.0.0-5.el8.x86_64.rpm libwebp-debuginfo-1.0.0-5.el8.i686.rpm libwebp-debuginfo-1.0.0-5.el8.x86_64.rpm libwebp-debugsource-1.0.0-5.el8.i686.rpm libwebp-debugsource-1.0.0-5.el8.x86_64.rpm libwebp-devel-1.0.0-5.el8.i686.rpm libwebp-devel-1.0.0-5.el8.x86_64.rpm libwebp-java-debuginfo-1.0.0-5.el8.i686.rpm libwebp-java-debuginfo-1.0.0-5.el8.x86_64.rpm libwebp-tools-debuginfo-1.0.0-5.el8.i686.rpm libwebp-tools-debuginfo-1.0.0-5.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdV9zjgjWX9erEAQjPKw//b87QnRCt7mK8HBE36Ryh32/KlNTbdNl6 KXkxyVMUVTaofuqdPoXmJOCUkaVUIxypxj4rnYKDIkRiWMIjTs11j5N17GRbUzC8 j0BLMniOja5AoeYJaRd3hSaJEh4Pwq7a1kYhlxwcJxQ2XUHLBNa8++aItgRcpfOv ANQKsfjppoLqTAvgSNwvbLEG+yiObS/oj3wxZpIL1LVgAFiHQZBgAQYci6Oi712Y O3zyuq5jWkGcPtvp+v62fv3vVM4lqMcDna59O8DpcPmgwDgnJjQv8hd6WsIjMc6l ofXaipBrUlr5viTMDBMt36Vel2M4mvIcfrA+4walNO0mGpMrB/2ukqyn2yMzO8dl zmMGw4XsBFVKvqjkjiIApyn2UtmPelOyjDwr0WnUvrx/CprW/cxhA1Ou1tSPwMEE 0DIvANBtNLMm//1juXKSUUew8lKy32I06hrp9bLq44p15DeC1cab7V1cb1e+urWm Pa3ZiUHvFpiKK5hRrAx64I0ZDle0vgwe92OIi5ibT+FT6F5dL4cnbhv/6pDi/saP YDZlQNidSs8QYRWRJdXCH7EDCRyncZjFKTrnuJhpJ/Iz8cCIl0JjtnbeVaW7iHsI qnqSANHZV+iVrSJEav8JLmWWkrf9HYlixI6udpG5cZmNt4Be9q6f8WIguq7mPy3k lJzqUU7nXTw=nPk5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. ========================================================================== Ubuntu Security Notice USN-4971-1 June 01, 2021 libwebp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: libwebp could be made to crash or run programs as your login if it opened a specially crafted file. Details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: libwebp6 0.6.1-2ubuntu0.21.04.1 libwebpdemux2 0.6.1-2ubuntu0.21.04.1 libwebpmux3 0.6.1-2ubuntu0.21.04.1 Ubuntu 20.10: libwebp6 0.6.1-2ubuntu0.20.10.1 libwebpdemux2 0.6.1-2ubuntu0.20.10.1 libwebpmux3 0.6.1-2ubuntu0.20.10.1 Ubuntu 20.04 LTS: libwebp6 0.6.1-2ubuntu0.20.04.1 libwebpdemux2 0.6.1-2ubuntu0.20.04.1 libwebpmux3 0.6.1-2ubuntu0.20.04.1 Ubuntu 18.04 LTS: libwebp6 0.6.1-2ubuntu0.18.04.1 libwebpdemux2 0.6.1-2ubuntu0.18.04.1 libwebpmux3 0.6.1-2ubuntu0.18.04.1 In general, a standard system update will make all the necessary changes

Trust: 2.43

sources: NVD: CVE-2020-36330 // JVNDB: JVNDB-2018-016580 // VULHUB: VHN-391909 // VULMON: CVE-2020-36330 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 162900

AFFECTED PRODUCTS

vendor:webmprojectmodel:libwebpscope:ltversion:1.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.7

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:the webmmodel:libwebpscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:netappmodel:ontap select deploy administration utilityscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-016580 // NVD: CVE-2020-36330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36330
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-36330
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202105-1386
value: CRITICAL

Trust: 0.6

VULHUB: VHN-391909
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-36330
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36330
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-391909
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36330
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-36330
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-391909 // VULMON: CVE-2020-36330 // CNNVD: CNNVD-202105-1386 // JVNDB: JVNDB-2018-016580 // NVD: CVE-2020-36330

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

problemtype:Out-of-bounds read (CWE-125) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-391909 // JVNDB: JVNDB-2018-016580 // NVD: CVE-2020-36330

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 162900 // CNNVD: CNNVD-202105-1386

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202105-1386

PATCH

title:HT212601 Apple  Security updateurl:https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

Trust: 0.8

title:libwebp Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=151883

Trust: 0.6

title:Debian Security Advisories: DSA-4930-1 libwebp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6dad0021173658916444dfc89f8d2495

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2020-36330 // CNNVD: CNNVD-202105-1386 // JVNDB: JVNDB-2018-016580

EXTERNAL IDS

db:NVDid:CVE-2020-36330

Trust: 4.1

db:PACKETSTORMid:164842

Trust: 0.8

db:PACKETSTORMid:165287

Trust: 0.8

db:PACKETSTORMid:162900

Trust: 0.8

db:PACKETSTORMid:165286

Trust: 0.8

db:JVNDBid:JVNDB-2018-016580

Trust: 0.8

db:PACKETSTORMid:163076

Trust: 0.7

db:CNNVDid:CNNVD-202105-1386

Trust: 0.7

db:AUSCERTid:ESB-2022.3977

Trust: 0.6

db:AUSCERTid:ESB-2021.2102

Trust: 0.6

db:AUSCERTid:ESB-2021.1965

Trust: 0.6

db:AUSCERTid:ESB-2021.4254

Trust: 0.6

db:AUSCERTid:ESB-2021.2485.2

Trust: 0.6

db:AUSCERTid:ESB-2021.1880

Trust: 0.6

db:AUSCERTid:ESB-2021.3905

Trust: 0.6

db:AUSCERTid:ESB-2021.1914

Trust: 0.6

db:AUSCERTid:ESB-2021.3789

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.1959

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:CS-HELPid:SB2021072216

Trust: 0.6

db:CS-HELPid:SB2021061301

Trust: 0.6

db:CS-HELPid:SB2021060725

Trust: 0.6

db:PACKETSTORMid:163645

Trust: 0.6

db:PACKETSTORMid:165288

Trust: 0.2

db:VULHUBid:VHN-391909

Trust: 0.1

db:VULMONid:CVE-2020-36330

Trust: 0.1

db:PACKETSTORMid:169076

Trust: 0.1

db:PACKETSTORMid:165631

Trust: 0.1

sources: VULHUB: VHN-391909 // VULMON: CVE-2020-36330 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 162900 // CNNVD: CNNVD-202105-1386 // JVNDB: JVNDB-2018-016580 // NVD: CVE-2020-36330

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1956853

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 2.0

url:https://www.debian.org/security/2021/dsa-4930

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20211104-0004/

Trust: 1.8

url:https://support.apple.com/kb/ht212601

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/jul/54

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3977

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1959

Trust: 0.6

url:https://packetstormsecurity.com/files/165287/red-hat-security-advisory-2021-5127-05.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060725

Trust: 0.6

url:https://vigilance.fr/vulnerability/libwebp-five-vulnerabilities-35580

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2485.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1965

Trust: 0.6

url:https://packetstormsecurity.com/files/165286/red-hat-security-advisory-2021-5128-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072216

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3789

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1914

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://support.apple.com/en-us/ht212601

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1880

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061301

Trust: 0.6

url:https://packetstormsecurity.com/files/163645/apple-security-advisory-2021-07-21-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4254

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2102

Trust: 0.6

url:https://packetstormsecurity.com/files/163076/ubuntu-security-notice-usn-4971-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162900/ubuntu-security-notice-usn-4971-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164842/red-hat-security-advisory-2021-4231-04.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36331

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.4

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36332

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36328

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36329

Trust: 0.1

url:https://security-tracker.debian.org/tracker/libwebp

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5127

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4231

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.20.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4971-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libwebp/0.6.1-2ubuntu0.21.04.1

Trust: 0.1

sources: VULHUB: VHN-391909 // VULMON: CVE-2020-36330 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 162900 // CNNVD: CNNVD-202105-1386 // JVNDB: JVNDB-2018-016580 // NVD: CVE-2020-36330

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 164842 // PACKETSTORM: 165631

SOURCES

db:VULHUBid:VHN-391909
db:VULMONid:CVE-2020-36330
db:PACKETSTORMid:169076
db:PACKETSTORMid:165286
db:PACKETSTORMid:165287
db:PACKETSTORMid:165288
db:PACKETSTORMid:164842
db:PACKETSTORMid:165631
db:PACKETSTORMid:162900
db:CNNVDid:CNNVD-202105-1386
db:JVNDBid:JVNDB-2018-016580
db:NVDid:CVE-2020-36330

LAST UPDATE DATE

2026-07-13T22:42:54.772000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-391909date:2021-11-30T00:00:00
db:VULMONid:CVE-2020-36330date:2021-11-30T00:00:00
db:CNNVDid:CNNVD-202105-1386date:2022-12-09T00:00:00
db:JVNDBid:JVNDB-2018-016580date:2022-01-27T08:54:00
db:NVDid:CVE-2020-36330date:2026-06-17T03:15:19.467

SOURCES RELEASE DATE

db:VULHUBid:VHN-391909date:2021-05-21T00:00:00
db:VULMONid:CVE-2020-36330date:2021-05-21T00:00:00
db:PACKETSTORMid:169076date:2021-06-28T19:12:00
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:165287date:2021-12-15T15:20:43
db:PACKETSTORMid:165288date:2021-12-15T15:22:36
db:PACKETSTORMid:164842date:2021-11-10T17:05:32
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:162900date:2021-06-01T15:15:43
db:CNNVDid:CNNVD-202105-1386date:2021-05-21T00:00:00
db:JVNDBid:JVNDB-2018-016580date:2022-01-27T00:00:00
db:NVDid:CVE-2020-36330date:2021-05-21T17:15:08.353