ID

VAR-202302-0195

CVE

CVE-2022-4450

TITLE

OpenSSL  Double release vulnerability in

DESCRIPTION

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. OpenSSL has payload data 0 become a part-time worker PEM When creating a file, PEM_read_bio_ex() A double free vulnerability exists because when returns a failure code, it introduces a pointer to an already freed buffer into the header argument.Malicious by attacker PEM Denial of service by providing files ( crash ) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5343-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 07, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2022-2097 CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 Debian Bug : 1023424 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure. Additional details can be found in the upstream advisories at https://www.openssl.org/news/secadv/20220705.txt and https://www.openssl.org/news/secadv/20230207.txt For the stable distribution (bullseye), these problems have been fixed in version 1.1.1n-0+deb11u4. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPivONfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RBCA/+IqJ9qtjytulO41yPphASSEu22XVN9EYAUsdcpsTmnDtp1zUQSZpQv5qk 464Z2+0SkNtiHm5O5z5fs4LX0wXYBvLYrFnh2X2Z6rT+YFhXg8ZdEo+IysYSV7gB utbb1zbSqUSSLmlF/r6SnXy+HlTyB56p+k0MnLNHejes6DoghebZJGU6Dl5D8Z2J wOB6xi2sS3zVl1O+8//PPk5Sha8ESShuP/sBby01Xvpl65+8Icn7dXXHFNUn27rZ WdQCdxJaUJiqjZYzI5XAB+zHl8KNDiWP9MqIeT3g+YQ+nzSTeHxRPXDTDvClMv9y CJ90PaCY1DBNh5NrE2/IZkpIOKvTjRX3+db7Nab2GyRzLCP7p+1Bm14zHiKRHPOR t/6yX11diIF2zvlP/7qeCGkutv9KrFjSW81o1GgJMdt8uduHa95IgKNNUsA6Wf3O SkUP4EYfhXs2+TIfEenvqLuAmLsQBCRCvNDdmEGhtR4r0hpvcJ4eOaDBE6FWih1J i0mpDIjBYOV2iEUe85XfYflrcFfaxSwbl4ultH3Q3eWtiMwLgXqJ9dKRQEXJX7hp 48zKPwnftJbGBri9Y293sMjcpv3F/PTjXMh8LcUSVDkVVdQ8cLSmdmP4v4wSzV/q Z7KATUs6YAod4ts5u3/zD97Mzk0Xiecw/ggevbCfCvQTByk02Fg=lXE/ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6564-1 January 03, 2024 nodejs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Node.js. Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment. Details: Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2022-4304) CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-4450) Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0215) David Benjamin discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0286) Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-0401) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.3 libnode72 12.22.9~dfsg-1ubuntu3.3 nodejs 12.22.9~dfsg-1ubuntu3.3 In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.11.45 bug fix and security update Advisory ID: RHSA-2023:4053-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:4053 Issue date: 2023-07-19 CVE Names: CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-20838 CVE-2020-14155 CVE-2020-24370 CVE-2020-35525 CVE-2020-35527 CVE-2021-3580 CVE-2021-3634 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-40528 CVE-2022-1271 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-4304 CVE-2022-4450 CVE-2022-21235 CVE-2022-24407 CVE-2022-29824 CVE-2022-34903 CVE-2022-37434 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-47629 CVE-2023-0215 CVE-2023-0361 CVE-2023-1281 CVE-2023-24329 CVE-2023-32233 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2023:4052 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Security Fix(es): * github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are (For x86_64 architecture) The image digest is sha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9 (For s390x architecture) The image digest is sha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8 (For ppc64le architecture) The image digest is sha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7 (For aarch64 architecture) The image digest is sha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7 All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses 6. References: https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-21235 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-1281 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-32233 https://access.redhat.com/security/updates/classification/#important https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkt2rsAAoJENzjgjWX9erEDZUP/34f/AgUOiiVZ6B7LrKb8xYN sEAom2h8cUMUzX2LLY0N/Wfa/Zhq555tRHaitThG/vJN5ETrPFu7gWoizisFLHWl ovCf5sDkSX0WAhVywcdJIxLOge9Mt719HJk+zX5edhHMQMrmfZ7YVR55DAODnwuX 2nj6DR2XixfK1INosMoZm/xtZg+e6v9fzMY6oTCeAufyaim3YAbZwi3Kmdj0ye4s /y6ooyaZIzTzNTRhTwYsIGrHBZwr1NUt8RnVxX4XMID1HWHf3gAcEy1dez9QnSIp BFzEweZS51cpA0Dn1/AQrK7F+NYLFhdZNlPCDJj+DRSHwDbb0CgcDrFk0otufkYy fNOumjMCTj+IdLQpiLSPXRjN1krbg1FdlqlBKRBNgXMYAicticrMMm9jGcggmbOE N84ANhaamgzw+IElEByihieVO/81alQYZP9TjT8Wfu+CSGvHUP4DnCLvJYCuRaeg oIc8ItWfzoVBMVizzOK8Dei5Bvg8ZrVG7ePAyQP0gtYlAJQ/pE5BLEhJXSLlvyGb 0Wd/Sj0djLTn8ADV8TvA7NfwyxbU8ce3IhuS7zvtGqpFRWb0kYoYh+16Onmhq5iw X/Jd9JqAWknGjZfy3OHa8kFgVnq5qqNmI3wGBRKs4gUOoxrceUXMFR3YbUxuU9Lp 129R2QWY1i5pRtAPA1gV =OZCr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. Description: Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fix(es): * CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability * CVE-2023-29017 vm2: Sandbox Escape * CVE-2023-29199 vm2: Sandbox Escape * CVE-2023-30547 vm2: Sandbox Escape when exception sanitization Jira issue addressed: * ACM-4346: MCE 2.2.3 images 3. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/clusters/cluster_mce_overview#installing-while-connected-online-mce 4. Bugs fixed (https://bugzilla.redhat.com/): 2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability 2185374 - CVE-2023-29017 vm2: sandbox escape 2187409 - CVE-2023-29199 vm2: Sandbox Escape 2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 6. JIRA issues fixed (https://issues.redhat.com/): JWS-2933 - Update openssl from JBCS to versions from 2.4.51-SP2 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-04-26T19:49:11.634000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE