Multiple vulnerabilities in Oracle Solaris



Published: 2022-07-20 | Updated: 2022-11-15
Risk High
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2022-24675
CVE-2022-31747
CVE-2022-31742
CVE-2022-31741
CVE-2022-31740
CVE-2022-31739
CVE-2022-31738
CVE-2022-31737
CVE-2022-28327
CVE-2022-23773
CVE-2021-21708
CVE-2022-23772
CVE-2021-29923
CVE-2022-1271
CVE-2022-29824
CVE-2022-1834
CVE-2022-31736
CVE-2022-24801
CVE-2022-25762
CVE-2022-23806
CWE-ID CWE-120
CWE-119
CWE-200
CWE-457
CWE-22
CWE-451
CWE-787
CWE-190
CWE-863
CWE-416
CWE-400
CWE-20
CWE-444
CWE-388
CWE-252
Exploitation vector Network
Public exploit Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe
Oracle Solaris
Operating systems & Components / Operating system

Vendor Oracle

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU64266

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-24675

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU63879

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-31747

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Information disclosure

EUVDB-ID: #VU63878

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31742

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when handling a large number of allowCredential entries. A remote attacker can trick the victim to visit a specially crafted website, launch a timing attack and detect the difference between invalid key handles and cross-origin key handles. Successful exploitation of the vulnerability can lead to cross-origin account linking in violation of WebAuthn goals.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Use of Uninitialized Variable

EUVDB-ID: #VU63877

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-31741

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU63876

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-31740

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error related to register allocation problem in WASM on arm64. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Path traversal

EUVDB-ID: #VU63875

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31739

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when saving downloaded files on Windows. A remote attacker can use the "%" character in filename to store data outside the intended directory using Windows environment variables, such as %HOMEPATH% or %APPDATA%.

The vulnerability affects Windows installations only.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Spoofing attack

EUVDB-ID: #VU63874

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-31738

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when exiting fullscreen mode. A remote attacker can use an iframe to confused the browser about the current state of fullscreen and perform spoofing attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds write

EUVDB-ID: #VU63873

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-31737

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in WebGL when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Integer overflow

EUVDB-ID: #VU64269

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-28327

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Incorrect authorization

EUVDB-ID: #VU62037

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23773

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to  a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Use-after-free

EUVDB-ID: #VU60707

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21708

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Resource exhaustion

EUVDB-ID: #VU62038

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23772

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Rat.SetString(0 function in math/big. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Input validation error

EUVDB-ID: #VU56829

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-29923

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input in net.ParseIP and net.ParseCIDR, as the Go interpreter does not properly consider extraneous zero characters at the beginning of an IP address octet. A remote attacker can bypass access control that is based on IP addresses, because of unexpected octal interpretation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Integer overflow

EUVDB-ID: #VU62741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29824

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Spoofing attack

EUVDB-ID: #VU63886

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1834

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of multiple Braille Pattern Blank space characters, which results in displaying every space character. A remote attacker can spoof the email address of the sender.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Information disclosure

EUVDB-ID: #VU63872

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-31736

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when processing HTTP requests. A malicious website can obtain the size of a cross-origin resource that supported Range requests.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU62077

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-24801

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests within the twisted.web.http module. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Error Handling

EUVDB-ID: #VU63299

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25762

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling WebSocket connections. If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to use the socket after it has been closed. As a result, subsequent connections can use the same object concurrently and share data and/or other errors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Unchecked Return Value

EUVDB-ID: #VU62036

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-23806

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinjul2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###