SB2024040358 - Multiple vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes 4.4

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040358

SB2024040358 - Multiple vulnerabilities in Red Hat Advanced Cluster Security for Kubernetes 4.4

Published: April 3, 2024 Updated: January 31, 2025

Security Bulletin ID SB2024040358
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 58% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2023-29406)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.


2) Resource exhaustion (CVE-ID: CVE-2023-49568)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling responses from a Git server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Use of uninitialized variable (CVE-ID: CVE-2024-26147)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an uninitialized variable when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. If index.yaml file or a plugins plugin.yaml file are missing in the repository, the application crashes.


4) Information disclosure (CVE-ID: CVE-2019-25210)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application, which displays values of secrets when the --dry-run flag is used. A remote attacker can gain access to sensitive information.


5) Use-after-free (CVE-ID: CVE-2019-13224)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


6) Resource exhaustion (CVE-ID: CVE-2019-16163)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.


7) Integer overflow (CVE-ID: CVE-2019-19012)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to integer overflow in the "search_in_range" function in "regexec.c". A remote attacker can use a specially crafted regular expression, trigger out-of-bounds read and cause a denial-of-service or information disclosure on the target system.



8) Buffer Over-read (CVE-ID: CVE-2019-19203)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.


9) Buffer Over-read (CVE-ID: CVE-2019-19204)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system.

10) Out-of-bounds read (CVE-ID: CVE-2020-28241)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in dump_entry_data_list in maxminddb.c. A remote attacker can perform a denial of service attack.


11) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


12) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2024-0553)

The vulnerability allows a remote attacker to perform timing attack.

The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.

Note, the vulnerability exists due to incomplete fox for #VU83316 (CVE-2023-5981).


Remediation

Install update from vendor's website.

References