SB2023110854 - Multiple vulnerabilities in Migration Toolkit for Applications 6.2
Published: November 8, 2023 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2023-22652)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "read_file" function. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
3) Path traversal (CVE-ID: CVE-2023-38633)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the URL decoder. A remote attacker can pass specially crafted URL to the library and read arbitrary files on the system.
4) External control of file name or path (CVE-ID: CVE-2023-38546)
The vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific
file on disk, the cloned version of the handle would instead store the
file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl. 5) Heap-based buffer overflow (CVE-ID: CVE-2023-38545)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).
6) Untrusted search path (CVE-ID: CVE-2023-38408)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
8) Improper Authentication (CVE-ID: CVE-2023-32360)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication in CUPS. A remote attacker can access recently printed documents.
9) Stack-based buffer overflow (CVE-ID: CVE-2023-30079)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the read_file() function in atlibeconf/lib/getfilecontents.c. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Resource management error (CVE-ID: CVE-2023-29469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2023-28484)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
12) Improper input validation (CVE-ID: CVE-2023-22081)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
13) Resource exhaustion (CVE-ID: CVE-2023-39325)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Heap-based buffer overflow (CVE-ID: CVE-2023-4863)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
15) Buffer overflow (CVE-ID: CVE-2023-4911)
The vulnerability allows a local user to escalate privileges on the system.
16) Use-after-free (CVE-ID: CVE-2023-4813)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in
/etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2023-4806)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2023-4527)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the getaddrinfo() function called with the AF_UNSPEC address family. A remote attacker with control over DNS server can send a DNS response via TCP larger than 2048 bytes, trigger an out-of-bounds read and crash the application or gain access to potentially sensitive information.
Successful exploitation of the vulnerability requires that system is configured with no-aaaa mode via /etc/resolv.conf.
19) PHP file inclusion (CVE-ID: CVE-2023-2603)
The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
20) Memory leak (CVE-ID: CVE-2023-2602)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.
21) Buffer overflow (CVE-ID: CVE-2020-22219)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the bitwriter_grow_ in() function. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.