漏洞修补列表
该版本涉及开源及第三方软件漏洞、自研代码漏洞,表1和表2分别为已修补的开源及第三方软件漏洞列表和自研代码漏洞列表。
软件名称 |
软件版本 |
CVE编号 |
实际CVSS得分 |
漏洞描述 |
解决版本 |
|---|---|---|---|---|---|
OpenSSL |
1.1.1n |
CVE-2022-2068 |
9.8 |
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). |
Kunpeng BoostKit 22.0.0 |
OpenSSL |
1.1.1n |
CVE-2022-1292 |
9.8 |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
Kunpeng BoostKit 22.0.0 |
OpenSSL |
1.1.1n |
CVE-2022-2097 |
5.3 |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). |
Kunpeng BoostKit 22.0.0 |
Apache ZooKeeper |
3.7.0 |
CVE-2021-28164 |
5.3 |
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. |
Kunpeng BoostKit 22.0.0 |
Apache ZooKeeper |
3.7.0 |
CVE-2021-34429 |
5.3 |
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. |
Kunpeng BoostKit 22.0.0 |
google/protobuf |
3.13.0 |
CVE-2022-3171 |
7.5 |
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. |
Kunpeng BoostKit 22.0.0 |
google/protobuf |
3.13.0 |
CVE-2021-22569 |
5.5 |
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. |
Kunpeng BoostKit 22.0.0 |
google/protobuf |
3.13.0 |
CVE-2021-22570 |
7.5 |
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. |
Kunpeng BoostKit 22.0.0 |
zlib |
v1.2.12 |
CVE-2022-37434 |
9.8 |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). |
Kunpeng BoostKit 22.0.0 |
OpenSSL |
1.1.1n |
CVE-2023-0215 |
7.5 |
A use-after-free vulnerability was found in OpenSSL's BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2023-0286 |
7.4 |
Vulnerability Summary for CVE-2023-0286 |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2022-4450 |
7.5 |
A double-free vulnerability was found in OpenSSL's PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (for example, "CERTIFICATE"), any header data, and the payload data. If the function succeeds, then the "name_out," "header," and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2023-0464 |
7.5 |
A security vulnerability has been identified in all supported versions |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2023-0465 |
5.3 |
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2023-0466 |
5.3 |
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2022-4304 |
5.9 |
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE. |
Kunpeng BoostKit 22.0.0.SPC5 |
c-ares |
1.16.1 |
CVE-2022-4904 |
8.6 |
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
Kunpeng BoostKit 22.0.0.SPC5 |
软件名称 |
软件版本 |
漏洞编号 |
CVE编号 |
CVSS |
漏洞描述 |
解决版本 |
|---|---|---|---|---|---|---|
KMC |
22.0.0 |
HWPSIRT-2022-32170 |
NA |
6.5 |
KMC流式加解密接口 SdpEncryptUpdate、SdpEncryptUpdateEx、 SdpDecryptUpdate、SdpDecryptUpdateEx、 SdpEncryptFinal、SdpEncryptFinalEx、 SdpDecryptFinal、SdpDecryptFinalEx入参异常会导致整数翻转,导致底层密码学库发生内存问题,影响可用性 |
Kunpeng BoostKit 22.0.0 |
