summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFernando ApesteguĂ­a <fernape@FreeBSD.org>2022-11-24 17:13:42 +0100
committerFernando ApesteguĂ­a <fernape@FreeBSD.org>2022-11-24 17:14:42 +0100
commit119b6f865b2c45ab1ba927e62bf41e122fb4ea08 (patch)
tree7f66cda35bf34d3bcdfc794ca1d386685140c143
parentgames/oblige: use the ports instead of bundled 3rd-party components (diff)
security/vuxml: Add multiple CVEs for advancecomp
PR: 267937
-rw-r--r--security/vuxml/vuln/2022.xml43
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml
index 6df45ca26664..53684beae82a 100644
--- a/security/vuxml/vuln/2022.xml
+++ b/security/vuxml/vuln/2022.xml
@@ -1,3 +1,46 @@
+ <vuln vid="b6a84729-6bd0-11ed-8d9a-b42e991fc52e">
+ <topic>advancecomp -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>advancecomp</name>
+ <range><lt>2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitHub advisories reports:</p>
+ <blockquote cite="https://github.com/advisories/GHSA-8xqx-5mpr-g8xj">
+ <p>Multiple vulnerabilities found in advancecomp including:</p>
+ <ul>
+ <li>Three segmentation faults.</li>
+ <li>Heap buffer overflow via le_uint32_read at /lib/endianrw.h.</li>
+ <li>Three more heap buffer overflows.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-35014</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35014</url>
+ <cvename>CVE-2022-35015</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35015</url>
+ <cvename>CVE-2022-35016</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35016</url>
+ <cvename>CVE-2022-35017</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35017</url>
+ <cvename>CVE-2022-35018</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35018</url>
+ <cvename>CVE-2022-35019</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35019</url>
+ <cvename>CVE-2022-35020</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2022-35020</url>
+ </references>
+ <dates>
+ <discovery>2022-08-29</discovery>
+ <entry>2022-11-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e0f26ac5-6a17-11ed-93e7-901b0e9408dc">
<topic>tailscale -- Security vulnerability in the client</topic>
<affects>