Vulnerabilidades

*** Pendiente de traducción *** Out-of-bounds Read vulnerability in Rinnegatamante lpp-vita.This issue affects lpp-vita: before lpp-vita r6.

*** Pendiente de traducción *** Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30.

*** Pendiente de traducción *** Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox

*** Pendiente de traducción *** improper pointer arithmetic<br /> <br /> vulnerability in ProjectSkyfire SkyFire_548.This issue affects SkyFire_548: before 5.4.8-stable5.

*** Pendiente de traducción *** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

*** Pendiente de traducción *** Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

*** Pendiente de traducción *** Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability affects Firefox

*** Pendiente de traducción *** The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to determine failure, but @osek_get_counter() actually returns E_OS_SYS_STACK (defined as 12U) when it fails. This mismatch causes the error branch to never execute even when the counter pool is exhausted.<br /> <br /> As a result, when the counter pool is depleted, the code proceeds to cast the error code (12U) to a pointer (OSEK_COUNTER *), creating a wild pointer. Subsequent writes to members of this pointer lead to writes to illegal memory addresses (e.g., 0x0000000C), which can trigger immediate HardFaults or silent memory corruption.<br /> <br /> This vulnerability poses significant risks, including potential denial-of-service attacks (via repeated calls to exhaust the counter pool) and unauthorized memory access.

*** Pendiente de traducción *** Issue summary: A type confusion vulnerability exists in the signature<br /> verification of signed PKCS#7 data where an ASN1_TYPE union member is<br /> accessed without first validating the type, causing an invalid or NULL<br /> pointer dereference when processing malformed PKCS#7 data.<br /> <br /> Impact summary: An application performing signature verification of PKCS#7<br /> data or calling directly the PKCS7_digest_from_attributes() function can be<br /> caused to dereference an invalid or NULL pointer when reading, resulting in<br /> a Denial of Service.<br /> <br /> The function PKCS7_digest_from_attributes() accesses the message digest attribute<br /> value without validating its type. When the type is not V_ASN1_OCTET_STRING,<br /> this results in accessing invalid memory through the ASN1_TYPE union, causing<br /> a crash.<br /> <br /> Exploiting this vulnerability requires an attacker to provide a malformed<br /> signed PKCS#7 to an application that verifies it. The impact of the<br /> exploit is just a Denial of Service, the PKCS7 API is legacy and applications<br /> should be using the CMS API instead. For these reasons the issue was<br /> assessed as Low severity.<br /> <br /> The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br /> as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module<br /> boundary.<br /> <br /> OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

*** Pendiente de traducción *** Issue summary: An invalid or NULL pointer dereference can happen in<br /> an application processing a malformed PKCS#12 file.<br /> <br /> Impact summary: An application processing a malformed PKCS#12 file can be<br /> caused to dereference an invalid or NULL pointer on memory read, resulting<br /> in a Denial of Service.<br /> <br /> A type confusion vulnerability exists in PKCS#12 parsing code where<br /> an ASN1_TYPE union member is accessed without first validating the type,<br /> causing an invalid pointer read.<br /> <br /> The location is constrained to a 1-byte address space, meaning any<br /> attempted pointer manipulation can only target addresses between 0x00 and 0xFF.<br /> This range corresponds to the zero page, which is unmapped on most modern<br /> operating systems and will reliably result in a crash, leading only to a<br /> Denial of Service. Exploiting this issue also requires a user or application<br /> to process a maliciously crafted PKCS#12 file. It is uncommon to accept<br /> untrusted PKCS#12 files in applications as they are usually used to store<br /> private keys which are trusted by definition. For these reasons, the issue<br /> was assessed as Low severity.<br /> <br /> The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br /> as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.<br /> <br /> OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br /> <br /> OpenSSL 1.0.2 is not affected by this issue.

*** Pendiente de traducción *** Loop with Unreachable Exit Condition (&amp;#39;Infinite Loop&amp;#39;) vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

*** Pendiente de traducción *** Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer<br /> dereference in the PKCS12_item_decrypt_d2i_ex() function.<br /> <br /> Impact summary: A NULL pointer dereference can trigger a crash which leads to<br /> Denial of Service for an application processing PKCS#12 files.<br /> <br /> The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct<br /> parameter is NULL before dereferencing it. When called from<br /> PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can<br /> be NULL, causing a crash. The vulnerability is limited to Denial of Service<br /> and cannot be escalated to achieve code execution or memory disclosure.<br /> <br /> Exploiting this issue requires an attacker to provide a malformed PKCS#12 file<br /> to an application that processes it. For that reason the issue was assessed as<br /> Low severity according to our Security Policy.<br /> <br /> The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,<br /> as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.<br /> <br /> OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.