Ariadne Conill

#10537of 53,635
26.3Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2023-2539
5.5
2023-01-21
Pkgconf · Pkgconf · CVE-2023-24056
**Name of the Vulnerable Software and Affected Versions** pkgconf versions 1.9.3 and earlier **Description** The issue is related to the `pkgconf tuple parse` function in `libpkgconf/tuple.c`, which can cause an unbounded string expansion due to incorrect checks. This can lead to a denial of service when a specially crafted `.pc` file is used. For example, a `.pc` file containing a few hundred bytes can expand to one billion bytes. **Recommendations** For versions 1.9.3 and earlier, update to a version later than 1.9.3 to resolve the issue. As a temporary workaround, consider restricting the use of the `pkgconf tuple parse` function in `libpkgconf/tuple.c` until a patch is available. Avoid using variable duplication in `.pc` files to minimize the risk of exploitation.
PT-2025-8192
5.5
2022-11-15
Linux · Linux Kernel · CVE-2022-49264
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the execution of commands with empty argv. The issue is described as forcing a single empty string when argv is empty. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-3700
10
2022-04-03
Busybox · Busybox · CVE-2022-28391
**Name of the Vulnerable Software and Affected Versions** BusyBox versions prior to 1.35.0 **Description** The issue is related to the lack of input sanitization in the BusyBox command-line utility set, specifically affecting the netstat utility when printing DNS PTR records to a VT-compatible terminal. This could allow a remote attacker to execute arbitrary code or change the terminal's colors. **Recommendations** For versions prior to 1.35.0, update to version 1.35.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the netstat utility with DNS PTR records on VT-compatible terminals until a patch is available.
PT-2021-5797
5.3
2021-03-15
Lynx · Lynx · CVE-2021-38165
**Name of the Vulnerable Software and Affected Versions** Lynx versions 2.8.9 and earlier **Description** The issue is related to the mishandling of the userinfo subcomponent of a URI, allowing remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers. This can enable a remote attacker to access confidential data. **Recommendations** For versions 2.8.9 and earlier, update to a version that fixes the userinfo subcomponent handling issue to prevent cleartext credentials from being exposed in SNI data or HTTP headers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.