docker-splunk
Release Another Distro To Publish Images or Remediate CVEs
Hello! The base image that's being leveraged currently is redhat-RHEL8 and comes with numerous CVEs. We were wondering if it would be possible to use a different base image or if there was a lighter image available? Or is it possible to remediate these CVEs by bumping the OS version? Here are the CVEs:
| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0286 | high | cryptography | 3.3.2 | BSD or Apache License, Version 2.0 | fixed in 39.0.1 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23931 | medium | cryptography | 3.3.2 | BSD or Apache License, Version 2.0 | fixed in 39.0.1 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | PRISMA-2022-0168 | high | pip | 9.0.3 | MIT | open | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. This vulnerability was first assigned with CVE-2018-20225, but it is still under dispute. However, this vulnerability still poses a threat when using the --extra-index-url. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf-pkg-config | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3715 | moderate | bash | 4.4.20-4.el8_6 | GPLv3+ | affected | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43552 | low | libcurl | 7.61.1-25.el8_7.2 | MIT | affected | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43995 | important | sudo | 1.8.29-8.el8_7.1 | ISC | under investigation | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2017-14501 | low | libarchive | 3.3.3-4.el8 | BSD | affected | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4304 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23916 | moderate | libcurl | 7.61.1-25.el8_7.2 | MIT | affected | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-35252 | low | curl | 7.61.1-25.el8_7.2 | MIT | affected | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35937 | moderate | rpm | 4.14.3-24.el8_7 | GPLv2+ | affected | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-44568 | low | libsolv | 0.7.20-4.el8_7 | BSD | affected | Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35938 | moderate | rpm | 4.14.3-24.el8_7 | GPLv2+ | affected | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | important | python3-libs | 3.6.8-48.el8_7.1 | Python | under investigation | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35938 | moderate | rpm-libs | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0361 | moderate | gnutls | 3.6.16-5.el8_6 | GPLv3+ and LGPLv2+ | affected | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0054 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35939 | moderate | rpm-libs | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2206 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4293 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-4450 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as th | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | important | platform-python | 3.6.8-48.el8_7.1 | Python | under investigation | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
Continued:
| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-36227 | low | libarchive | 3.3.3-4.el8 | BSD | affected | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-1127 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-47024 | moderate | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0286 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0215 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_ | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | libpkgconf | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf-m4 | 1.4.2-1.el8 | GPLv2+ with exceptions | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgcc | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-35252 | low | libcurl | 7.61.1-25.el8_7.2 | MIT | affected | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43552 | low | curl | 7.61.1-25.el8_7.2 | MIT | affected | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0512 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-27320 | moderate | sudo | 1.8.29-8.el8_7.1 | ISC | under investigation | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35939 | moderate | rpm | 4.14.3-24.el8_7 | GPLv2+ | affected | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libstdc++ | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2175 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0433 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35937 | moderate | rpm-libs | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23916 | moderate | curl | 7.61.1-25.el8_7.2 | MIT | affected | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2208 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2017-14166 | low | libarchive | 3.3.3-4.el8 | BSD | affected | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgomp | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42381 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000517 | critical | busybox | 1.28.1 | fixed in 1.29.0 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42374 | medium | busybox | 1.28.1 | fixed in 1.33.2 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42379 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000500 | high | busybox | 1.28.1 | fixed in 1.32.0 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42378 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42385 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
Continued:
| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42386 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-20679 | high | busybox | 1.28.1 | fixed in 1.30.0 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42376 | medium | busybox | 1.28.1 | fixed in 1.34.0 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42384 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2019-5747 | high | busybox | 1.28.1 | fixed in 1.30.1 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42382 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-28391 | high | busybox | 1.28.1 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | |||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42380 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | ||
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3737 | high | python | | 3.7.10 | | fixed in 3.9.6, 3.8.11, 3.7.11,... | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-0391 | high | python | | 3.7.10 | | fixed in 3.9.5, 3.8.11, 3.7.11,... | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2016-3189 | medium | python | | 3.7.10 | | fixed in 3.10.3, 3.9.11, 3.8.13,... | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-25032 | high | python | | 3.7.10 | | fixed in 1.2.12 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3733 | medium | python | | 3.7.10 | | fixed in 3.9.5, 3.8.10, 3.7.11,... | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2019-12900 | critical | python | | 3.7.10 | | fixed in 3.10.3, 3.9.11, 3.8.13,... | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2015-20107 | high | python | | 3.7.10 | | fixed in 3.10.8 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-42919 | high | python | | 3.7.10 | | fixed in 3.10.9, 3.9.16 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | high | python | | 3.7.10 | | fixed in 3.11 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2020-10735 | high | python | | 3.7.10 | | fixed in 3.10.7, 3.9.14, 3.8.14,... | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-4189 | medium | python | | 3.7.10 | | fixed in 3.9.3, 3.8.9, 3.7.11,... | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-45061 | high | python | | 3.7.10 | | fixed in 3.10.9, 3.9.16, 3.8.16,... | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | Private keys stored in image | high | | | | | | Private keys stored in image |

| Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
|---|---|---|---|---|---|---|---|---|---|---|
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-26604 | OS | systemd-libs | 239-68.el8_7.4 | LGPLv2+ and MIT | affected | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3491 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3234 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |
| splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-47024 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. |