Runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images.

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.

Netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.