SB2023033007 - Multiple vulnerabilities in Service Telemetry Framework

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023033007

SB2023033007 - Multiple vulnerabilities in Service Telemetry Framework

Published: March 30, 2023

Security Bulletin ID SB2023033007
Severity
Medium
Patch available
YES
Number of vulnerabilities 15
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 73% Low 27%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.


1) Use of insufficiently random values (CVE-ID: CVE-2022-30629)

The vulnerability allows a remote attacker gain access to sensitive information.

The vulnerability exists in crypto/tls implementation when generating TLS tickets age. The newSessionTicketMsgTLS13.ageAdd is always set to "0" instead of a random value.


2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.


3) Resource exhaustion (CVE-ID: CVE-2022-41715)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Input validation error (CVE-ID: CVE-2022-32189)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in
Float.GobDecode. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


5) Resource exhaustion (CVE-ID: CVE-2022-30632)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Resource exhaustion (CVE-ID: CVE-2022-30631)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


7) Resource exhaustion (CVE-ID: CVE-2022-30630)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.


9) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-1705)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of Transfer-Encoding headers in HTTP/1 responses. A remote attacker can send a specially crafted HTTP/1 response to the client and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


10) Integer overflow (CVE-ID: CVE-2022-28327)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.


11) Input validation error (CVE-ID: CVE-2022-27664)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


12) Buffer overflow (CVE-ID: CVE-2022-24675)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.


13) Unchecked Return Value (CVE-ID: CVE-2022-23806)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.


14) Incorrect authorization (CVE-ID: CVE-2022-23773)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to  a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.


15) Resource exhaustion (CVE-ID: CVE-2022-23772)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Rat.SetString(0 function in math/big. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References