Cloud Foundry Foundation cflinuxfs3 update for kernel



Published: 2022-11-21
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2017-6888
CVE-2020-0499
CVE-2021-0561
CWE-ID CWE-401
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		cflinuxfs3
Other software / Other software solutions

Vendor Cloud Foundry Foundation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU12888

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-6888

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the "read_metadata_vorbiscomment_()" function in src/libFLAC/stream_decoder.c due to memory leak. A remote attacker can trick the victim into opening a specially crafted FLAC file and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

cflinuxfs3: before 0.337.0

CPE2.3
External links

http://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.337.0

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU69466

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-0499

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the FLAC__bitreader_read_rice_signed_block() function in bitreader.c. A local user can trigger an out-of-bounds read error and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

cflinuxfs3: before 0.337.0

CPE2.3
External links

http://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.337.0

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU69342

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0561

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the append_to_verify_fifo_interleaved_ in stream_encoder.c in Media Framework. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

cflinuxfs3: before 0.337.0

CPE2.3
External links

http://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.337.0

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###