Retire CVE-2023-5972

author: Salvatore Bonaccorso <carnil@debian.org> 2023-11-23 21:35:03 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-11-23 21:35:03 +0100
commit: c84e3240b9936262df44caf65ca65737cdb49a4a (patch)
tree: dfc688cc4e24d0f3ac82f9115781676c84885751 /retired
parent: d728d2f91bcdd479f37e2f739894a2f1d0a9e3f9 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/retired/CVE-2023-5972 b/retired/CVE-2023-5972
new file mode 100644
index 00000000..51904c8b
--- /dev/null
+++ b/retired/CVE-2023-5972
@@ -0,0 +1,15 @@
+Description: The NFTA_INNER_NUM and NFTA_EXPR_NAME netlink attributes accessed without checking its presence in nft_inner.c
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2248189
+Notes:
+ carnil> Fixes for 3a07327d10a0 ("netfilter: nft_inner: support for
+ carnil> inner tunnel header matching") in 6.2-rc1.
+Bugs:
+upstream: released (6.6-rc7) [505ce0630ad5d31185695f8a29dde8d29f28faa7, 52177bbf19e6e9398375a148d2e13ed492b40b80]
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: released (6.5.10-1)
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2023-11-23 21:35:03 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-11-23 21:35:03 +0100
commit	c84e3240b9936262df44caf65ca65737cdb49a4a (patch)
tree	dfc688cc4e24d0f3ac82f9115781676c84885751 /retired
parent	d728d2f91bcdd479f37e2f739894a2f1d0a9e3f9 (diff)