Multiple vulnerabilities in Oracle VM Server for x86

1) Resource exhaustion

EUVDB-ID: #VU70587

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42319

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists in Xenstore due to allocated temporary memory is freed only after the request is completely finished. A malicious guest can allocate large amounts of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU74124

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU70582

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42326

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.

The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU70581

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42325

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to missing control over the number of created nodes in Xenstore. A malicious guest can consume all available memory resources by created an unlimited number of nodes.

The vulnerability affects the C variant of Xenstore (e.g. xenstored and xenstore-stubdom).

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU70584

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42323

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU70583

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42322

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control over consumption of internal resources in Xenstore. Two malicious guests working together can drive xenstored into an out of memory situation, resulting in a Denial of Service (DoS) of xenstored.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU70588

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42310

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within Xenstore, which can result in orphaned nodes being created and never removed in the Xenstore database. A malicious guest can cause inconsistencies in the xenstored data base, resulting in unusual error responses or memory leaks in xenstored.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU73783

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Privilege Management

EUVDB-ID: #VU46929

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0404

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

The vulnerability allows a local authenticated user to execute arbitrary code.

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU74123

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Uncontrolled Recursion

EUVDB-ID: #VU70585

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42321

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in Xenstore. A malicious guest can create very deep nesting levels of Xenstore nodes and perform stack exhaustion on xenstored.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU70597

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42318

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Release of invalid pointer or reference

EUVDB-ID: #VU70589

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42309

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of a wrong pointer during the node creation in Xenstore. A malicious guest can cause xenstored to crash.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU70596

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42317

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU70595

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42316

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU70594

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42315

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU70593

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42314

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU70592

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42313

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU70591

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42312

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU70590

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42311

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the Xenstore. A malicious guest can allocate huge amount of memory and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper Privilege Management

EUVDB-ID: #VU70586

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42320

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

The vulnerability allows a malicious guest to escalate privileges.

The vulnerability exists due to improper privilege management in Xenstore. A malicious new guest domain can access resources belonging to a previous domain. The impact depends on the software in use and cal result in a denial of service, information disclosure or privilege escalation.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information disclosure

EUVDB-ID: #VU16896

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-5489

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a flaw in the mincore() implementation in mm/mincore.c. A local attacker can observe page cache access patterns of other processes on the same system and sniff secret information.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

24) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

26) Heap-based buffer overflow

EUVDB-ID: #VU62830

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24903

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.

Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Code Injection

EUVDB-ID: #VU60736

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25235

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected application lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU60733

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25236

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer overflow

EUVDB-ID: #VU60739

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25315

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in storeRawNames function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU67532

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Integer overflow

EUVDB-ID: #VU69337

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42898

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Type Confusion

EUVDB-ID: #VU71992

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0286

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds write

EUVDB-ID: #VU72250

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0767

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PKCS 12 Safe Bag attributes. A remote attacker can create a specially crafted PKCS 12 cert bundle, trick the victim into loading it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install update from vendor's website.

Oracle VM Server for x86: 3.2 - 3.4

http://www.oracle.com/security-alerts/ovmbulletinapr2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.