SB20250520104 - Multiple vulnerabilities in Dell Data Protection Search

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2022-1292)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

2) Information disclosure (CVE-ID: CVE-2016-0800)

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to usage of weak SSLv2 protocol, which requires to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. A remote attacker can decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.

The vulnerability is dubbed "DROWN" attack.

3) Buffer overflow (CVE-ID: CVE-2016-0799)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculates string lengths. A remote attacker can cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string.

4) Memory leak (CVE-ID: CVE-2016-0798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the SRP_VBASE_get_by_user implementation in OpenSSL. A remote attacker can perform a denial of service attack (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c

5) Input validation error (CVE-ID: CVE-2016-0797)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

6) Double free error (CVE-ID: CVE-2016-0705)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.

7) Information disclosure (CVE-ID: CVE-2016-0702)

The vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.

The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.

The vulnerability was dubbed "CacheBleed".

8) Memory corruption (CVE-ID: CVE-2016-2108)

The vulnerability allows a remote user to cause memory corruption on the target system.

The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.

Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.

9) OS Command Injection (CVE-ID: CVE-2022-2068)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

10) Improper input validation (CVE-ID: CVE-2025-0509)

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Install (Sparkle) component in Oracle Java SE. A remote privileged user can exploit this vulnerability to execute arbitrary code.

11) Missing Encryption of Sensitive Data (CVE-ID: CVE-2023-46219)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when handling HSTS long file names. When saving HSTS data to an excessively long file name, curl can end up removing all contents from the file, making subsequent requests using that file unaware of the HSTS status they should otherwise use. As a result, a remote attacker can perform MitM attack.

12) Information disclosure (CVE-ID: CVE-2023-46218)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.

13) Buffer overflow (CVE-ID: CVE-2022-23820)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper validation of the AMD SMM communication buffer. A local user can corrupt the SMRAM and execute arbitrary code on the system.

14) Reliance on undefined behavior (CVE-ID: CVE-2023-20592)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unexpected behavior of the INVD instruction in some AMD CPUs. A malicious hypervisor can affect cache line write-back behavior of the CPU and modify guest virtual machine (VM) memory.

15) Input validation error (CVE-ID: CVE-2023-20526)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the ASP Bootloader. An attacker with physical access to device can read contents of ASP memory.

16) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-20521)

The vulnerability allows an attacker to perform a denial of service attack.

The vulnerability exists due to a race condition in ASP Bootloader. An attacker with physical access to device can tamper with SPI ROM records after memory content verification and gain access to sensitive information of perform a denial of service (DoS) attack.

17) Configuration (CVE-ID: CVE-2022-23830)

The issue may allow a local user to bypass implemented security restrictions.

The issue exists due to immutable SMM configuration when SNP is enabled. A local user can modify guest memory.

18) Improper input validation (CVE-ID: CVE-2025-21502)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Remediation

Install update from vendor's website.

References

• https://www.dell.com/support/kbdoc/nl-nl/000290991/dsa-2025-109-security-update-for-dell-data-protection-search-for-multiple-component-vulnerabilities