Add one-line summary (#8)
nodivbyzero authored Oct 20, 2023
1 parent 1171769 commit 2dacaee
Showing 9 changed files with 18 additions and 9 deletions.
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-6.yaml
Expand Up @@ -3,6 +3,7 @@ details: The commonmark package, specifically in its dependency on GitHub Flavor
has a vulnerability related to time complexity. Parsing certain crafted markdown tables can take O(n * n) time,
leading to potential Denial of Service attacks. This issue does not affect the upstream cmark project and has been
fixed in version 0.29.0.gfm.1.
summary: Denial of Service (DoS) vulnerability
affected:
- package:
name: commonmark
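Review bot: The added `summary: Denial of Service (DoS) vulnerability` states only the impact class, and the identical string is added to vulns/readxl/RSEC-2023-2.yaml in this same commit, so the two advisories cannot be told apart in a summary listing. The details already give the distinguishing cause (crafted markdown tables parsed in O(n * n) time); suggest something like `summary: Quadratic-time markdown table parsing allows Denial of Service`.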
Expand Down Expand Up @@ -36,5 +37,5 @@ references:
url: https://github.com/r-lib/commonmark/pull/18
aliases:
- CVE-2020-5238
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-7.yaml
Expand Up @@ -4,6 +4,7 @@ details: cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabi
before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in table row parsing, leading to heap corruption and
potential Arbitrary Code Execution. Patches are available in versions 0.29.0.gfm.6, 0.29.0.gfm.3, and 0.28.3.gfm.21.
Mitigations include upgrading or disabling affected extensions.
summary: Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities
affected:
- package:
name: commonmark
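Review bot: The new summary lists impacts only and introduces the abbreviation "ACE", while the details spell out Arbitrary Code Execution and attribute it to an integer overflow in table row parsing that leads to heap corruption. Other summaries added in this commit (haven, igraph, readxl RSEC-2023-0 and RSEC-2023-1) name the weakness class instead of the impact. Suggest choosing one convention for all nine files, for example `summary: Integer overflow in table row parsing and Denial of Service vulnerabilities` here.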
Expand Down Expand Up @@ -38,5 +39,5 @@ references:
aliases:
- CVE-2022-39209
- CVE-2022-24724
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/commonmark/RSEC-2023-8.yaml
Expand Up @@ -5,6 +5,7 @@ details: cmark-gfm, GitHub's extended version of the CommonMark library in C, su
to unbounded resource exhaustion and denial of service. An out-of-bounds read in the `validate_protocol` function was
also identified but is considered less harmful. Patches are available in versions 0.29.0.gfm.7, 0.29.0.gfm.10, and
0.29.0.gfm.12. Upgrading is advised, and users unable to upgrade should validate input from trusted sources.
summary: Denial of Service (DoS) vulnerabilities
affected:
- package:
name: commonmark
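Review bot: The added summary covers only the denial-of-service issues, but the details in this hunk also report an out-of-bounds read in `validate_protocol`. Even though it is described as less harmful, anyone filtering on the summary field would miss it; consider `summary: Denial of Service (DoS) vulnerabilities and an out-of-bounds read`. While the file is being touched, the context sentence "users unable to upgrade should validate input from trusted sources" reads as if trusted input is what needs validating and would benefit from rewording.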
Expand Down Expand Up @@ -55,5 +56,5 @@ aliases:
- CVE-2023-22485
- CVE-2023-22484
- CVE-2023-22483
modified: "2023-10-06T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-06T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/haven/RSEC-2023-5.yaml
Expand Up @@ -3,6 +3,7 @@ details: The haven R package is exposed to multiple vulnerabilities due to issue
The specific flaws include an infinite loop condition, a memory leak associated with an iconv_open call, and a
heap-based buffer over-read via an unterminated string. Exploitation of these vulnerabilities could lead to Denial of
Service or other undefined behaviors.
summary: Infinite loop, memory leak, and heap-based buffer over-read vulnerabilities
affected:
- package:
name: haven
Expand Down Expand Up @@ -34,5 +35,5 @@ aliases:
- CVE-2018-11365
- CVE-2018-11364
- CVE-2018-5698
modified: "2023-10-05T05:00:00.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-05T05:00:00.600Z"
3 changes: 2 additions & 1 deletion vulns/igraph/RSEC-2023-4.yaml
Expand Up @@ -4,6 +4,7 @@ details: The igraph R package, through version 0.7.1, is susceptible to a vulner
potentially exploited by attackers to cause a denial of service, resulting in an application crash.
Users of the igraph package should take necessary precautions and consider updating to a patched version to
mitigate this security risk.
summary: NULL pointer dereference vulnerability
affected:
- package:
name: igraph
Expand All @@ -27,5 +28,5 @@ references:
url: https://security-tracker.debian.org/tracker/CVE-2018-20349
aliases:
- CVE-2018-20349
modified: "2023-10-04T03:23:51.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-10-04T03:23:51.600Z"
3 changes: 2 additions & 1 deletion vulns/jsonlite/RSEC-2023-3.yaml
Expand Up @@ -2,6 +2,7 @@ id: RSEC-2023-3
details: The jsonlite R package is exposed to a vulnerability due to its use of yajl library version 2.1.0.
The vulnerability originates from the yajl_tree_parse function within yajl. Attackers can exploit this flaw
to cause a memory leak, which will result in out-of-memory in server and lead to a crash.
summary: Memory leak vulnerability
affected:
- package:
name: jsonlite
Expand Down Expand Up @@ -56,5 +57,5 @@ references:
url: https://lists.fedoraproject.org/archives/list/[email protected]/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
aliases:
- CVE-2023-33460
modified: "2023-10-06T04:37:21.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-18T04:37:21.600Z"
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-0.yaml
Expand Up @@ -8,6 +8,7 @@ details: The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multipl
formula record. All these vulnerabilities can lead to memory corruption, potentially resulting in remote code
execution. The exploit is triggered when a specially crafted XLS file, possibly sent by an attacker, is processed by
these vulnerable functions.
summary: Out-of-bounds write and stack based buffer overflow vulnerabilities
affected:
- package:
name: readxl
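Review bot: "stack based" in the added summary line should be hyphenated as "stack-based", matching "heap-based" in the haven summary added by this same commit. Suggested line: `summary: Out-of-bounds write and stack-based buffer overflow vulnerabilities`.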
Expand Down Expand Up @@ -54,5 +55,5 @@ aliases:
- CVE-2017-12109
- CVE-2017-12110
- CVE-2017-12111
modified: "2023-07-13T02:22:58.600Z"
modified: "2023-10-19T01:17:00.600Z"
published: "2023-07-13T02:22:58.600Z"
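Review bot: The new `modified` value here is "2023-10-19T01:17:00.600Z", while the other eight files in this commit are set to "2023-10-20T07:27:00.600Z". If the summary was added as part of the same change, the timestamp should match the rest; if the earlier value is intentional, a line in the commit message explaining why would help consumers that sort or sync on `modified`.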
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-1.yaml
Expand Up @@ -7,6 +7,7 @@ details: The readxl R package has been found susceptible to vulnerabilities due
read_MSAT_body function. This issue, stemming from inconsistent memory management in the ole2_read_header function,
allows attackers to trigger a DoS, application crash, or possibly an unspecified impact through a specially crafted
file.
summary: Double-free and invalid free vulnerabilities
affected:
- package:
name: readxl
Expand Down Expand Up @@ -34,5 +35,5 @@ references:
aliases:
- CVE-2018-20450
- CVE-2018-20452
modified: "2023-07-13T02:37:06.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-13T02:37:06.600Z"
3 changes: 2 additions & 1 deletion vulns/readxl/RSEC-2023-2.yaml
Expand Up @@ -3,6 +3,7 @@ details: The readxl R package is exposed to a vulnerability owing to its underly
The vulnerability originates in the xls_getWorkSheet function within xls.c in libxls. Attackers can exploit this flaw
by utilizing a specially crafted XLS file, leading to a Denial of Service (DoS)
attack.
summary: Denial of Service (DoS) vulnerability
affected:
- package:
name: readxl
Expand All @@ -25,5 +26,5 @@ references:
url: https://nvd.nist.gov/vuln/detail/CVE-2021-27836
aliases:
- CVE-2021-27836
modified: "2023-07-13T02:46:57.600Z"
modified: "2023-10-20T07:27:00.600Z"
published: "2023-07-13T02:46:57.600Z"
