CVE-2018-16842
Published 2018-10-31
Priority P3 · 41 · critical 9.1 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 2.10% (79.3th percentile)
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | curl | < curl 7.62.0-1 (bookworm) | curl 7.62.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| haxx | curl | >= 0 < 7.62.0-1 | 7.62.0-1 |
| haxx | curl | >= 0 < 7.62.0-1 | 7.62.0-1 |
| haxx | curl | >= 0 < 7.62.0-1 | 7.62.0-1 |
| haxx | curl | >= 0 < 7.62.0-1 | 7.62.0-1 |
| haxx | curl | >= 0 < 7.35.0-1ubuntu2.19 | 7.35.0-1ubuntu2.19 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.11 | 7.47.0-1ubuntu2.11 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.5 | 7.58.0-2ubuntu3.5 |
| haxx | curl | 7.14.1 – 7.61.1 | — |
| the_curl_project | curl | — | — |
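CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 4.4 | MEDIUM | — |
| vendor_redhat | — | 4.4 | MEDIUM | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |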
CISA ICS
Hitachi Energy MSM Product
cisa_ics·2022-08-30·CVSS 4.3
[MEDIUM] Hitachi Energy MSM Product
ICS Advisory
Hitachi Energy MSM Product
Last Revised: August 30, 2022
Alert Code: ICSA-22-242-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: MSM Product
- Vulnerability: Reliance on Uncontrolled Component
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could disrupt the functionality of the MSM web interface, steal sensitive user credentials, or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hitachi Energy reports multiple open-source softwar
Ubuntu
curl vulnerability
vendor_ubuntu·2018-11-01·CVSS 4.4
CVE-2018-16842 [MEDIUM] curl vulnerability
Title: curl vulnerability
Summary: Several security issues were fixed in curl.
USN-3805-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Brian Carpenter discovered that the curl command-line tool incorrectly
handled error messages. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2018-16842)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
curl vulnerabilities
vendor_ubuntu·2018-10-31·CVSS 4.3
CVE-2018-16839 [MEDIUM] curl vulnerabilities
Title: curl vulnerabilities
Summary: Several security issues were fixed in curl.
Harry Sintonen discovered that curl incorrectly handled SASL
authentication. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-16839)
Brian Carpenter discovered that curl incorrectly handled memory when
closing certain handles. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-16840)
Brian Carpenter discovered that the curl command-line tool incorrectly
handled error messages. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2018-16842)
Instructions: In general, a standard system update
Red Hat
curl: Heap-based buffer over-read in the curl tool warning formatting
vendor_redhat·2018-10-31·CVSS 4.4
CVE-2018-16842 [MEDIUM] CWE-125 curl: Heap-based buffer over-read in the curl tool warning formatting
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Package: rh-dotnetcore10-curl (.NET Core 1.0 on Red Hat Enterprise Linux) - Out of support scope
Package: rh-dotnetcore11-curl (.NET Core 1.1 on Red Hat Enterprise Linux) - Out of support scope
Package: rh-dotnet21-curl (.NET Core 2.1 on Red Hat Enterprise Linux) - Out of support scope
Package: curl (Red Hat Enterprise Linux 5) - Will not fix
Package: curl (Red Hat Enterprise Linux 6) - Will not fix
Package: curl (Red Hat Enterprise Linux 8) - Not affected
Package: jbcs-httpd24-curl (Red Hat JBoss Core Services) - Affected
Package:
Debian
CVE-2018-16842: curl - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-r...
vendor_debian·2018·CVSS 4.4
CVE-2018-16842 [MEDIUM] CVE-2018-16842: curl - Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-r...
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Scope: local
bookworm: resolved (fixed in 7.62.0-1)
bullseye: resolved (fixed in 7.62.0-1)
forky: resolved (fixed in 7.62.0-1)
sid: resolved (fixed in 7.62.0-1)
trixie: resolved (fixed in 7.62.0-1)
GHSA
GHSA-wh7w-vjg6-xh6h: Curl versions 7
ghsa_unreviewed·2022-05-14
CVE-2018-16842 [CRITICAL] CWE-125 GHSA-wh7w-vjg6-xh6h: Curl versions 7
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
OSV
CVE-2018-16842: Curl versions 7
osv·2018-10-31·CVSS 9.1
CVE-2018-16842 [CRITICAL] CVE-2018-16842: Curl versions 7
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
OSV
curl vulnerabilities
osv·2018-10-31·CVSS 9.8
CVE-2018-16839 [CRITICAL] curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled SASL
authentication. A remote attacker could use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-16839)
Brian Carpenter discovered that curl incorrectly handled memory when
closing certain handles. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-16840)
Brian Carpenter discovered that the curl command-line tool incorrectly
handled error messages. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2018-16842)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16842 mingw-curl: curl: Heap-based buffer over-read in the curl tool warning formatting [epel-7]
bugzilla·2018-10-31·CVSS 4.4
CVE-2018-16842 [MEDIUM] CVE-2018-16842 mingw-curl: curl: Heap-based buffer over-read in the curl tool warning formatting [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the followi
Bugzilla
CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting [fedora-all]
bugzilla·2018-10-31·CVSS 4.4
CVE-2018-16842 [MEDIUM] CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting
bugzilla·2018-10-30·CVSS 4.4
CVE-2018-16842 [MEDIUM] CVE-2018-16842 curl: Heap-based buffer over-read in the curl tool warning formatting
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function.
This display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer. This could lead to information disclosure or crash.
Discussion:
Acknowledgments:
Name: the Curl project
Upstream: Brian Carpenter (Geeknik Labs)
---
External Reference:
https://curl.haxx.se/docs/CVE-2018-16842.html
Upstream Patch:
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
---
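The remainder drift described in the bug report above, as an added example (not curl's source and not part of the original report): a simplified model of a wrap loop whose remaining-length counter shrinks by one byte less than the bytes actually consumed per wrap, next to the corrected bookkeeping. The function names `wrap_overread` and `long_word_overread` and the exact form of the miscount are assumptions made for illustration; out-of-bounds accesses are detected and reported, never performed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Simulates a word-wrap loop over msg and returns how many bytes past the
   NUL terminator it would touch (0 = stays in bounds).
   fixed == 0: remainder shrinks by cut (one byte per wrap goes uncounted);
   fixed != 0: remainder shrinks by cut + 1, matching the bytes consumed. */
size_t wrap_overread(const char *msg, size_t width, int fixed)
{
    size_t n = strlen(msg);   /* true length of the message */
    size_t off = 0;           /* start of the current output line */
    size_t len = n;           /* what the loop believes is left */

    if (width < 2)
        return 0;             /* model needs at least a 2-column line */
    while (len > 0) {
        if (off > n)
            return off - n;   /* line start is already past the terminator */
        if (len <= width)
            break;            /* tail is printed as a C string, stops at NUL */
        size_t cut = width - 1;
        if (off + cut > n)
            return off + cut - n;   /* would index beyond the terminator */
        while (cut && !isspace((unsigned char)msg[off + cut]))
            cut--;            /* look backwards for a space to break on */
        if (cut == 0)
            cut = width - 1;  /* word longer than the line: hard cut */
        off += cut + 1;       /* cut + 1 bytes were written */
        len -= fixed ? cut + 1 : cut;
    }
    return 0;
}

/* Constructed input: one unbroken word of n bytes. */
size_t long_word_overread(size_t n, size_t width, int fixed)
{
    char *msg = malloc(n + 1);
    if (!msg)
        return 0;
    memset(msg, 'A', n);
    msg[n] = '\0';
    size_t r = wrap_overread(msg, width, fixed);
    free(msg);
    return r;
}
```

In this model the error accumulates across wraps, so a short, space-separated message stays in bounds in both modes while a long unbroken word eventually drives the index past the terminator.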
arXiv
Beyond Fidelity: Explaining Vulnerability Localization of Learning-based Detectors
arxiv_fulltext·2024-02-21
Beyond Fidelity: Explaining Vulnerability Localization of Learning-based Detectors
Authors: Baijun Cheng (Peking University), Shengming Zhao (University of Alberta), Kailong Wang (Huazhong University of Science and Technology), Meizhen Wang (Huazhong University of Science and Technology), Guangdong Bai (University of Queensland), Ruitao Feng (University of New So…)
http://www.securitytracker.com/id/1042014
https://access.redhat.com/errata/RHSA-2019:2181
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842
https://curl.haxx.se/docs/CVE-2018-16842.html
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html
https://security.gentoo.org/glsa/201903-03
https://usn.ubuntu.com/3805-1/
https://usn.ubuntu.com/3805-2/
https://www.debian.org/security/2018/dsa-4331
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html