Security Vulnerabilities - CVEs Published In October 2023
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.
CVSS Score
7.5
EPSS Score
0.008
Published
2023-10-10
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVSS Score
9.8
EPSS Score
0.014
Published
2023-10-10
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVSS Score
9.8
EPSS Score
0.014
Published
2023-10-10
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.
CVSS Score
8.8
EPSS Score
0.019
Published
2023-10-10
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-10
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-10
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-10
In FNET 4.6.3, TCP ISNs are improperly random.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-10-10
In Contiki 4.5, TCP ISNs are improperly random.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-10-10
In PicoTCP 1.7.0, TCP ISNs are improperly random.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-10-10