diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-28 09:32:52 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2024-03-28 09:32:52 +0100 |
| commit | d6ae3a1e5ea4c448112aa2a19b1e838dc26fb2cd (patch) | |
| tree | e9054918f2fbd0cf9a7ad40d52442ba44960fdbd | |
| parent | 46d3ff7af9c8962aaec313a06051e2dec3c91393 (diff) | |
Add CVE-2023-52628
| -rw-r--r-- | active/CVE-2023-52628 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/active/CVE-2023-52628 b/active/CVE-2023-52628 new file mode 100644 index 00000000..c01bc919 --- /dev/null +++ b/active/CVE-2023-52628 @@ -0,0 +1,20 @@ +Description: netfilter: nftables: exthdr: fix 4-byte stack OOB write +References: +Notes: + carnil> Introduced in 49499c3e6e18 ("netfilter: nf_tables: switch registers to 32 bit + carnil> addressing") + carnil> 935b7f643018 ("netfilter: nft_exthdr: add TCP option matching") + carnil> 133dc203d77d ("netfilter: nft_exthdr: Support SCTP chunks") + carnil> dbb5281a1f84 ("netfilter: nf_tables: add support for matching IPv4 options"). + carnil> Vulnerable versions: 4.1-rc1 4.11-rc1 5.3-rc1 5.10.198 5.14-rc1. +Bugs: +upstream: released (6.6-rc1) [fd94d9dadee58e09b49075240fe83423eb1dcd36] +6.7-upstream-stable: N/A "Fixed before branching point" +6.6-upstream-stable: N/A "Fixed before branching point" +6.1-upstream-stable: released (6.1.54) [d9ebfc0f21377690837ebbd119e679243e0099cc] +5.10-upstream-stable: released (5.10.198) [a7d86a77c33ba1c357a7504341172cc1507f0698] +4.19-upstream-stable: needed +sid: released (6.5.6-1) +6.1-bookworm-security: released (6.1.55-1) +5.10-bullseye-security: released (5.10.205-1) +4.19-buster-security: needed |