The problem occurs when processing XSLT stylesheets with long strings that exceed the maximum value of long. This can happen when parsing attributes or stylesheet parameters.

An attacker can exploit this issue to execute arbitrary code with the privileges of the libexpat process.

The updated packages were released on November 1, 2017.

Exim (CVE-2017-7529) has a heap-based buffer overflow in the parsing of the SMTP extensions.

An attacker can exploit this issue to execute arbitrary code with the privileges of the Exim process.

The updated packages were released on August 8, 2017.

In GnuPG 2.1 before 2.1.26 and 2.2 before 2.2.11, a buffer overflow in the parsing of X.509 certificates was discovered.
An attacker can exploit this issue to execute arbitrary code with the privileges of the GnuPG process.
The updated packages were released on August 8, 2017.

In glibc 2.17 before 2.17-r2, a buffer overflow in the parsing of X.509 certificates was discovered. An attacker can exploit this issue to execute arbitrary code with the privileges of the glibc process.
This issue does not affect Red Hat Enterprise Linux 6 or Red Hat Enterprise Linux 7. The updated packages were released on August 8, 2017.

In GnuPG 2.1 before 2.1.26 and 2.2 before 2.

Vulnerability in libtasn1

An attacker can exploit this issue to cause a denial of service (application crash) or possibly gain privileges.

Timeline

Published on: 01/26/2022 19:15:00 UTC
Last modified on: 06/14/2022 11:15:00 UTC

References