SB2023022165 - Multiple vulnerabilities in OpenShift Container Platform 4.12
Published: February 21, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-2880)
The vulnerability allows a remote attacker to perform parameter smuggling attacks.
The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.
2) Integer overflow (CVE-ID: CVE-2022-47629)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the CRL signature parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Heap-based buffer overflow (CVE-ID: CVE-2022-41903)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error during git archive invocation. A remote attacker can trick the victim into using the application against a specially crafted archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Resource exhaustion (CVE-ID: CVE-2022-41715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Integer overflow (CVE-ID: CVE-2022-23521)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when parsing the .gitattributes attributes. A remote attacker can trick the victim into cloning a specially crafted repository and execute arbitrary code on the system.
6) Integer underflow (CVE-ID: CVE-2022-4338)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow when parsing Auto Attach TLV. A remote attacker can send specially crafted LLDP messages to the affected system, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, by default interfaces are not configured to process LLDP messages.
7) Out-of-bounds read (CVE-ID: CVE-2022-4337)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when parsing Auto Attach TLV. A remote attacker can send specially crafted LLDP messages to the affected system, trigger an out-of-bounds read error and read contents of memory on the system of perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2022-2879)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
9) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
10) Incorrect permission assignment for critical resource (CVE-ID: CVE-2022-0532)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect sysctls validation in CRI-O. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
11) Resource exhaustion (CVE-ID: CVE-2021-44717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing HTTP/2 requests. A remote attacker can send multiple HTTP/2 requests to the server and exhaust all available memory resources.
12) Input validation error (CVE-ID: CVE-2021-44716)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2021-41772)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in archive/zip Reader.Open. A remote attacker can pass specially crafted ZIP archive containing an invalid name or an empty filename field to the application and perform a denial of service (DoS) attack.
14) Type Confusion (CVE-ID: CVE-2021-41190)
The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.
15) Stored cross-site scripting (CVE-ID: CVE-2021-21684)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
16) Improper Certificate Validation (CVE-ID: CVE-2014-3577)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper certificate validation. A remote attacker can perform a man-in-the-middle (MitM) attack and spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate.
Remediation
Install update from vendor's website.