diff --git a/vulns/commonmark/RSEC-2023-6.yaml b/vulns/commonmark/RSEC-2023-6.yaml index 905064f..c77b904 100644 --- a/vulns/commonmark/RSEC-2023-6.yaml +++ b/vulns/commonmark/RSEC-2023-6.yaml @@ -3,6 +3,7 @@ details: The commonmark package, specifically in its dependency on GitHub Flavor has a vulnerability related to time complexity. Parsing certain crafted markdown tables can take O(n * n) time, leading to potential Denial of Service attacks. This issue does not affect the upstream cmark project and has been fixed in version 0.29.0.gfm.1. +summary: Denial of Service (DoS) vulnerability affected: - package: name: commonmark @@ -36,5 +37,5 @@ references: url: https://github.com/r-lib/commonmark/pull/18 aliases: - CVE-2020-5238 -modified: "2023-10-06T05:00:00.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-10-06T05:00:00.600Z" diff --git a/vulns/commonmark/RSEC-2023-7.yaml b/vulns/commonmark/RSEC-2023-7.yaml index 8837c97..435e651 100644 --- a/vulns/commonmark/RSEC-2023-7.yaml +++ b/vulns/commonmark/RSEC-2023-7.yaml @@ -4,6 +4,7 @@ details: cmark-gfm, GitHub's extended CommonMark library, has multiple vulnerabi before 0.29.0.gfm.3 and 0.28.3.gfm.21 contain an integer overflow in table row parsing, leading to heap corruption and potential Arbitrary Code Execution. Patches are available in versions 0.29.0.gfm.6, 0.29.0.gfm.3, and 0.28.3.gfm.21. Mitigations include upgrading or disabling affected extensions. +summary: Denial of Service (DoS) and Arbitrary Code Execution (ACE) vulnerabilities affected: - package: name: commonmark @@ -38,5 +39,5 @@ references: aliases: - CVE-2022-39209 - CVE-2022-24724 -modified: "2023-10-06T05:00:00.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-10-06T05:00:00.600Z" diff --git a/vulns/commonmark/RSEC-2023-8.yaml b/vulns/commonmark/RSEC-2023-8.yaml index db00d10..549d82c 100644 --- a/vulns/commonmark/RSEC-2023-8.yaml +++ b/vulns/commonmark/RSEC-2023-8.yaml @@ -5,6 +5,7 @@ details: cmark-gfm, GitHub's extended version of the CommonMark library in C, su to unbounded resource exhaustion and denial of service. An out-of-bounds read in the `validate_protocol` function was also identified but is considered less harmful. Patches are available in versions 0.29.0.gfm.7, 0.29.0.gfm.10, and 0.29.0.gfm.12. Upgrading is advised, and users unable to upgrade should validate input from trusted sources. +summary: Denial of Service (DoS) vulnerabilities affected: - package: name: commonmark @@ -55,5 +56,5 @@ aliases: - CVE-2023-22485 - CVE-2023-22484 - CVE-2023-22483 -modified: "2023-10-06T05:00:00.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-10-06T05:00:00.600Z" diff --git a/vulns/haven/RSEC-2023-5.yaml b/vulns/haven/RSEC-2023-5.yaml index 0dfd97a..9a707e6 100644 --- a/vulns/haven/RSEC-2023-5.yaml +++ b/vulns/haven/RSEC-2023-5.yaml @@ -3,6 +3,7 @@ details: The haven R package is exposed to multiple vulnerabilities due to issue The specific flaws include an infinite loop condition, a memory leak associated with an iconv_open call, and a heap-based buffer over-read via an unterminated string. Exploitation of these vulnerabilities could lead to Denial of Service or other undefined behaviors. +summary: Infinite loop, memory leak, and heap-based buffer over-read vulnerabilities affected: - package: name: haven @@ -34,5 +35,5 @@ aliases: - CVE-2018-11365 - CVE-2018-11364 - CVE-2018-5698 -modified: "2023-10-05T05:00:00.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-10-05T05:00:00.600Z" diff --git a/vulns/igraph/RSEC-2023-4.yaml b/vulns/igraph/RSEC-2023-4.yaml index 794b369..e3b55d0 100644 --- a/vulns/igraph/RSEC-2023-4.yaml +++ b/vulns/igraph/RSEC-2023-4.yaml @@ -4,6 +4,7 @@ details: The igraph R package, through version 0.7.1, is susceptible to a vulner potentially exploited by attackers to cause a denial of service, resulting in an application crash. Users of the igraph package should take necessary precautions and consider updating to a patched version to mitigate this security risk. +summary: NULL pointer dereference vulnerability affected: - package: name: igraph @@ -27,5 +28,5 @@ references: url: https://security-tracker.debian.org/tracker/CVE-2018-20349 aliases: - CVE-2018-20349 -modified: "2023-10-04T03:23:51.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-10-04T03:23:51.600Z" diff --git a/vulns/jsonlite/RSEC-2023-3.yaml b/vulns/jsonlite/RSEC-2023-3.yaml index 81396af..c4f95e7 100644 --- a/vulns/jsonlite/RSEC-2023-3.yaml +++ b/vulns/jsonlite/RSEC-2023-3.yaml @@ -2,6 +2,7 @@ id: RSEC-2023-3 details: The jsonlite R package is exposed to a vulnerability due to its use of yajl library version 2.1.0. The vulnerability originates from the yajl_tree_parse function within yajl. Attackers can exploit this flaw to cause a memory leak, which will result in out-of-memory in server and lead to a crash. +summary: Memory leak vulnerability affected: - package: name: jsonlite @@ -56,5 +57,5 @@ references: url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/ aliases: - CVE-2023-33460 -modified: "2023-10-06T04:37:21.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-07-18T04:37:21.600Z" diff --git a/vulns/readxl/RSEC-2023-0.yaml b/vulns/readxl/RSEC-2023-0.yaml index 51cd365..4924ddc 100644 --- a/vulns/readxl/RSEC-2023-0.yaml +++ b/vulns/readxl/RSEC-2023-0.yaml @@ -8,6 +8,7 @@ details: The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multipl formula record. All these vulnerabilities can lead to memory corruption, potentially resulting in remote code execution. The exploit is triggered when a specially crafted XLS file, possibly sent by an attacker, is processed by these vulnerable functions. +summary: Out-of-bounds write and stack based buffer overflow vulnerabilities affected: - package: name: readxl @@ -54,5 +55,5 @@ aliases: - CVE-2017-12109 - CVE-2017-12110 - CVE-2017-12111 -modified: "2023-07-13T02:22:58.600Z" +modified: "2023-10-19T01:17:00.600Z" published: "2023-07-13T02:22:58.600Z" diff --git a/vulns/readxl/RSEC-2023-1.yaml b/vulns/readxl/RSEC-2023-1.yaml index d95f055..d6d95bc 100644 --- a/vulns/readxl/RSEC-2023-1.yaml +++ b/vulns/readxl/RSEC-2023-1.yaml @@ -7,6 +7,7 @@ details: The readxl R package has been found susceptible to vulnerabilities due read_MSAT_body function. This issue, stemming from inconsistent memory management in the ole2_read_header function, allows attackers to trigger a DoS, application crash, or possibly an unspecified impact through a specially crafted file. +summary: Double-free and invalid free vulnerabilities affected: - package: name: readxl @@ -34,5 +35,5 @@ references: aliases: - CVE-2018-20450 - CVE-2018-20452 -modified: "2023-07-13T02:37:06.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-07-13T02:37:06.600Z" diff --git a/vulns/readxl/RSEC-2023-2.yaml b/vulns/readxl/RSEC-2023-2.yaml index 9d7f2c7..5f7d842 100644 --- a/vulns/readxl/RSEC-2023-2.yaml +++ b/vulns/readxl/RSEC-2023-2.yaml @@ -3,6 +3,7 @@ details: The readxl R package is exposed to a vulnerability owing to its underly The vulnerability originates in the xls_getWorkSheet function within xls.c in libxls. Attackers can exploit this flaw by utilizing a specially crafted XLS file, leading to a Denial of Service (DoS) attack. +summary: Denial of Service (DoS) vulnerability affected: - package: name: readxl @@ -25,5 +26,5 @@ references: url: https://nvd.nist.gov/vuln/detail/CVE-2021-27836 aliases: - CVE-2021-27836 -modified: "2023-07-13T02:46:57.600Z" +modified: "2023-10-20T07:27:00.600Z" published: "2023-07-13T02:46:57.600Z"