Rohit Keshri

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 24 **Description** A denial of service issue was found in Keycloak where the amount of attributes per object is not limited. An attacker could cause resource exhaustion by sending repeated HTTP requests, leading to the application sending back rows with long attribute values. **Recommendations** For versions prior to 24, update to Keycloak 24 or later, which introduces the User Profile feature that fixes this issue. As a temporary workaround, consider restricting the amount of attributes per object to prevent resource exhaustion.

**Name of the Vulnerable Software and Affected Versions** Bombastic (affected versions not specified) **Description** A flaw was found in Bombastic, allowing authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Application Platform 8 JBoss EAP (affected versions not specified) **Description** A flaw was found in the software when an OIDC app that serves multiple tenants attempts to access the second tenant. The issue arises because the software should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying problem is in `OidcSessionTokenStore` when determining if a cached token should be used or not. This logic needs to be updated to take into account the new `provider-url` option in addition to the `realm` option. **Recommendations** For Red Hat Enterprise Application Platform 8, update the logic in `OidcSessionTokenStore` to consider the `provider-url` option along with the `realm` option. For JBoss EAP, update the logic in `OidcSessionTokenStore` to consider the `provider-url` option along with the `realm` option. As a temporary workaround, consider disabling the use of cached tokens in `OidcSessionTokenStore` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the `posix clock open()` function. If the `clk ops.open()` function returns an error, the allocated `pccontext` for the clock is not released. This can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to an uncontrolled recursion in the Open vSwitch component of the Linux Kernel. This occurs when a recursive operation of code push recursively calls into the code block, and the OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 389-ds-base (affected versions not specified) **Description** The issue is related to a heap overflow flaw in the 389-ds-base component, specifically in the `log entry attr` function. This flaw can lead to a denial of service when a value larger than 256 characters is written to `log entry attr`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration-based security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CRI-O versions prior to 1.29.1 CRI-O versions prior to 1.28.3 CRI-O versions prior to 1.27.3 **Description** A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the Kubernetes scheduler and potentially resulting in a denial of service in the node. The issue is related to the `io.kubernetes.cri-o.UnifiedCgroup` annotation, which was supposed to be filtered from the list of allowed annotations but is not due to a bug. This allows any user to specify this annotation, regardless of whether it's enabled on the node. **Recommendations** For CRI-O versions prior to 1.29.1, upgrade to version 1.29.1 or later. For CRI-O versions prior to 1.28.3, upgrade to version 1.28.3 or later. For CRI-O versions prior to 1.27.3, upgrade to version 1.27.3 or later. As a temporary workaround, consider using cgroupv1 instead of cgroupv2.

**Name of the Vulnerable Software and Affected Versions** JWCrypto (affected versions not specified) **Description** A flaw was found in JWCrypto, allowing an attacker to cause a denial of service (DoS) attack and making password brute-force and dictionary attacks more resource-intensive. This issue results in a large amount of computational consumption, leading to a denial of service attack. The vulnerability affects applications that use the PBKDF2 algorithm. **Recommendations** To resolve the issue, applications that do not need to use PBKDF2 should exclude it from the list of algorithms. Applications that need to use the algorithm should upgrade to the new version that allows setting a maximum number of rounds. As a temporary workaround, consider setting the maximum number of default rounds to prevent excessive computational consumption.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in the `redirect uri` validation logic in Keycloak, which may allow a bypass of otherwise explicitly allowed hosts. This issue arises due to a desynchronization in how Keycloak and browsers interpret URLs, specifically in the `verifyRedirectUri` method. The validation logic is performed on a URL decoded version, which no longer represents the original input. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference vulnerability was found in the `dpll pin parent pin set()` function in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with `unix stream read generic()` on the socket that the SKB is queued on. This issue is related to the `io uring` component and the `scm fp copy` function in the `net/core/scm.c` module. The exploitation of this flaw may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read vulnerability in the `smb2 dump detail()` function in the Linux Kernel. This vulnerability could allow a local attacker to crash the system or leak internal kernel information. The vulnerability is located in `fs/smb/client/smb2ops.c`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the blkgs destruction path in block/blk-cgroup.c, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, `cgroup rstat flush()` is only called at `css release work fn()`, which is called when the `blkcg` reference count reaches 0. This circular dependency will prevent `blkcg` and some `blkgs` from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the `TIFFRasterScanlineSize64()` API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. The issue is related to a buffer overflow in memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to a flaw in the `vringh kiov advance()` function in the `drivers/vhost/vringh.c` module of the Linux Kernel. This flaw may result in a denial of service from guest to host via zero length descriptor. An attacker could exploit this issue to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. The vulnerability is also related to the possibility of a Bleichenbacher or Marvin attack, which could allow a remote attacker to access or impact protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free flaw was found in the `lan78xx disconnect` function in `drivers/net/usb/lan78xx.c` in the network sub-component `net/usb/lan78xx` of the Linux Kernel. This issue allows a local attacker to crash the system when the LAN78XX USB device detaches. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A race condition occurred between the functions `lmLogClose` and `txEnd` in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A denial of service issue due to a deadlock was found in the `sctp auto asconf init` function in `net/sctp/socket.c` in the Linux kernel's SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.