Publication Date: |
|
Last Update: |
|
Current Version: | V1.4 |
CVSS v3.1 Base Score: | 9.8 |
Affected Product and Versions | Remediation |
---|---|
All versions |
Currently no fix is available
|
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
The vulnerability classification has been performed by using the CVSS scoring system in version 3.1 (CVSS v3.1) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer’s environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring.
An additional classification has been performed using the CWE classification, a community-developed list of common software security weaknesses. This serves as a common language and as a baseline for weakness identification, mitigation, and prevention efforts. A detailed list of CWE classes can be found at: https://cwe.mitre.org/.
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-400: Uncontrolled Resource Consumption |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-284: Improper Access Control |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-459: Incomplete Cleanup |
CVSS v3.1 Base Score | 8.2 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-401: Missing Release of Memory after Effective Lifetime |
CVSS v3.1 Base Score | 6.6 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-295: Improper Certificate Validation |
CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C |
CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
CVSS v3.1 Base Score | 6.3 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-404: Improper Resource Shutdown or Release |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-121: Stack-based Buffer Overflow |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-326: Inadequate Encryption Strength |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-415: Double Free |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-287: Improper Authentication |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-923: Improper Restriction of Communication Channel to Intended Endpoints |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 2.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-404: Improper Resource Shutdown or Release |
CVSS v3.1 Base Score | 8.0 |
CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 7.1 |
CVSS Vector | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-404: Improper Resource Shutdown or Release |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 6.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 6.6 |
CVSS Vector | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CVSS v3.1 Base Score | 3.3 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-401: Missing Release of Memory after Effective Lifetime |
CVSS v3.1 Base Score | 3.3 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-401: Missing Release of Memory after Effective Lifetime |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 4.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-404: Improper Resource Shutdown or Release |
CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-667: Improper Locking |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-401: Missing Release of Memory after Effective Lifetime |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-833: Deadlock |
CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
CWE | CWE-326: Inadequate Encryption Strength |
CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
CWE | CWE-415: Double Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-455: Non-exit on Failed Initialization |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-863: Incorrect Authorization |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-459: Incomplete Cleanup |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-459: Incomplete Cleanup |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-459: Incomplete Cleanup |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-305: Authentication Bypass by Primary Weakness |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-311: Missing Encryption of Sensitive Data |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 3.3 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-203: Observable Discrepancy |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-311: Missing Encryption of Sensitive Data |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-400: Uncontrolled Resource Consumption |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-668: Exposure of Resource to Wrong Sphere |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 8.1 |
CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 4.2 |
CVSS Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-667: Improper Locking |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-667: Improper Locking |
CVSS v3.1 Base Score | 4.4 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-457: Use of Uninitialized Variable |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 6.5 |
CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-824: Access of Uninitialized Pointer |
CVSS v3.1 Base Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 7.1 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.4 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing the -policy
argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()
function.
CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-295: Improper Certificate Validation |
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks.
Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the -policy
argument to the command line utilities or by calling the
X509_VERIFY_PARAM_set1_policies()
function.
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-295: Improper Certificate Validation |
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.
As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function.
Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.
Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-295: Improper Certificate Validation |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 0.0 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-400: Uncontrolled Resource Consumption |
CVSS v3.1 Base Score | 4.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 7.1 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.1 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 6.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-476: NULL Pointer Dereference |
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.
We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59
(4716c73b188566865bdd79c3a6709696a224ac04
for 5.10 stable and
0e388fce7aec40992eadee654193cad345d62663
for 5.15 stable).
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE | CWE-1333: Inefficient Regular Expression Complexity |
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-416: Use After Free |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE | CWE-125: Out-of-bounds Read |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.
We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 8.4 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 6.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
CWE | CWE-121: Stack-based Buffer Overflow |
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-121: Stack-based Buffer Overflow |
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
CVSS v3.1 Base Score | 5.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-190: Integer Overflow or Wraparound |
CVSS v3.1 Base Score | 7.1 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.8 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 0.0 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N/E:P/RL:O/RC:C |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 6.7 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 6.1 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 3.2 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N |
CWE | CWE-125: Out-of-bounds Read |
h->nets
array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.CVSS v3.1 Base Score | 7.0 |
CVSS Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-787: Out-of-bounds Write |
rsvp_classify
function. This issue may allow a local user to crash the system and cause a denial of service.CVSS v3.1 Base Score | 6.5 |
CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
CWE | CWE-125: Out-of-bounds Read |
V1.0 (2023-06-13): | Publication Date |
V1.1 (2023-07-11): | Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233 |
V1.2 (2023-08-08): | Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, CVE-2023-3609 |
V1.3 (2023-09-12): | Added CVE-2023-3338 |
V1.4 (2023-11-14): | Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755 |