Simon Horman

#14032of 53,633
19.2Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2024-33833
7.8
2024-08-02
Linux · Linux Kernel · CVE-2024-49995
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A string buffer overrun vulnerability has been resolved in the Linux kernel. The issue occurs when copying `media name` and `if name` to `name parts`, which may overwrite the destination. This is due to the use of `strcpy()` with insufficient buffer size checks, as reported by Smatch. The vulnerable code is located in `bearer.c` at lines 166 and 167, where `media name` and `if name` are too large for `name parts->media name` and `name parts->if name`, respectively. The vulnerability was introduced by commit `b97bf3fd8f6a` ("[TIPC] Initial merge"). Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the vulnerability. As a temporary workaround, consider using `strscpy()` instead of `strcpy()` and failing if truncation occurs to prevent buffer overruns. Restrict access to the vulnerable `bearer name validate()` function until the issue is resolved. Avoid using the `media name` and `if name` variables in the affected code paths until the update is applied.
PT-2024-1912
5.5
2024-01-02
Linux · Linux Kernel · CVE-2023-52471
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference in the `ice ptp.c` file of the Linux kernel, specifically with the `devm kasprintf()` function, which can return a null pointer upon failure. This can potentially allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-6954
5.9
2019-11-15
None · Perdition · CVE-2013-4584
**Name of the Vulnerable Software and Affected Versions** Perdition versions prior to 2.2 **Description** The issue is related to weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. Specifically, `ssl outgoing ciphers` is not being applied to STARTTLS connections. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of STARTTLS connections until a patch is available.