CVE-2022-2963: A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or…

CVE-2022-2963 [HIGH] Oracle Oracle Communications Risk Matrix: Install/Upgrade (JasPer) — CVE-2022-2963 Oracle Oracle Communications Risk Matrix: Install/Upgrade (JasPer) vulnerability CVE: CVE-2022-2963 CVSS: 7.5 Protocol: HTTP Remote exploit: Yes Affected versions: Network Advisory: cpujul2023 (JUL 2023)

CVE-2022-2963 [HIGH] CWE-401 jasper: memory leaks in function cmdopts_parse jasper: memory leaks in function cmdopts_parse A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. A vulnerability found in jasper. A memory leak bug occurs in the cmdopts_parse function, possibly causing a crash or segmentation fault. Statement: Red Hat has determined this vulnerability to be of moderate impact as the memory leak occurs when cmdline parsing fails and causes the process to terminate right away without releasing the memory, leading to the leak. It would take repeated invocations to exhaust system memory and potentially cause service degradation over time. Package: jasper (Red Hat Enterprise Linux 8) - Will not fix Package: jasper (Red Hat Enterprise Lin

CVE-2022-25901 [MEDIUM] CWE-1333 cookiejar Regular Expression Denial of Service via Cookie.parse function cookiejar Regular Expression Denial of Service via Cookie.parse function Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `Cookie.parse` function and other aspects of the API, which use an insecure regular expression for parsing cookie values. Applications could be stalled for extended periods of time if untrusted input is passed to cookie values or attempted to parse from request headers. Proof of concept: ``` ts\nconst { CookieJar } = require("cookiejar"); const jar = new CookieJar(); const start = performance.now(); const attack = "a" + "t".repeat(50_000); jar.setCookie(attack); console.log(`CookieJar.setCookie(): ${performance.now() - start}ms`); ``` ``` CookieJar.setCookie(): 2963.214399999939ms ```

CVE-2022-2963 [HIGH] CVE-2022-2963: A vulnerability found in jasper A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.

CVE-2022-2963 [HIGH] CWE-401 GHSA-g89h-fpvv-hmhh: A vulnerability found in jasper A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.