Security Vulnerabilities - CVEs Published In March 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-03-31
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
### Impact
A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service.
### Proof of concept
```
$ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext
```
Increasing the number 10000 in the above commands causes the running time to increase quadratically.
### Patches
This vulnerability have been patched in 0.29.0.gfm.10.
### Note on cmark and cmark-gfm
XXX: TBD
[cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`.
### Credit
We would like to thank @gravypod for reporting this vulnerability.
### References
https://en.wikipedia.org/wiki/Time_complexity
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-31
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.
CVSS Score
5.7
EPSS Score
0.001
Published
2023-03-31
Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
5.7
EPSS Score
0.001
Published
2023-03-31
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.
CVSS Score
3.5
EPSS Score
0.002
Published
2023-03-31
X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-31
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-03-31
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-31
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
CVSS Score
10.0
EPSS Score
0.007
Published
2023-03-31
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-03-31
Page 1