Red Hat Enterprise Linux 8 update for the php:7.3 module
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-11050 CVE-2019-13224 CVE-2019-13225 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2019-20454 CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 |
| CWE-ID | CWE-190 CWE-125 CWE-20 CWE-400 CWE-416 CWE-476 CWE-126 CWE-276 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #13 is available. |
| Vulnerable software |
Red Hat Enterprise Linux for x86_64 - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU19277
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11039
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow in iconv_mime_decode_headers() function when processing MIME headers. A remote attacker can trigger integer overflow and gain access to sensitive information or trigger application crash.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU19278
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11040
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in exif_read_data() function when parsing EXIF data. A remote attacker can create a specially crafted image, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU21218
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-11041
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the exif_read_data() function. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU21217
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-11042
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the exif_read_data() function in PHP EXIF extention. A remote attacker can create a specially crafted image file, pass it to the application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU33363
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded � byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU33364
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11047
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource exhaustion
EUVDB-ID: #VU28318
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11048
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way PHP handles long filenames or field names during file upload. A remote attacker can supply an overly long filename to the application that will lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This will lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU33365
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11050
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU20904
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-13224
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU20906
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-13225
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in match_at() function in regcomp.c in Oniguruma library. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource exhaustion
EUVDB-ID: #VU30789
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-16163
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer Over-read
EUVDB-ID: #VU22932
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-19203
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
13) Buffer Over-read
EUVDB-ID: #VU22933
Risk: Medium
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2019-19204
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system. MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Out-of-bounds read
EUVDB-ID: #VU23097
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19246
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in str_lower_case_match in regexec.c, if used with PPH 7.3. A remote attacker can perform a denial of service attack or gain access to sensitive information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU29116
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20454
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the "do_extuni_no_utf in pcre2_jit_compile.c" file when the pattern X is JIT compiled and used to match specially crafted subjects in non-UTF mode. A remote attacker can trigger out-of-bounds read error and crash the affected application.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU25109
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-7059
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when using the "fgetss()" function to read data with stripping tags. A remote attacker can supply data that will cause this function to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU25110
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-7060
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when using certain "mbstring" functions to convert multibyte encodings. A remote attacker can supply data that will cause function "mbfl_filt_conv_big5_wchar" to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU25594
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Incorrect default permissions
EUVDB-ID: #VU25592
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7063
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU26259
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7064
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stack-based buffer overflow
EUVDB-ID: #VU26260
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-7065
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within php_unicode_tolower_full() function, as demonstrated by the mb_strtolower() call. A remote attacker can pass specially crafted data to the application that uses affected function, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU26257
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7066
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.
Install updates from vendor's website.
Red Hat Enterprise Linux for x86_64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - AUS: 8.2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support: 8.2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support: 8.2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support: 8.2
Red Hat Enterprise Linux Server - TUS: 8.2
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_x86_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64_-_extended_update_support:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.2:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2020:3662
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
