Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-25193HistoryFeb 04, 2023 - 8:15 p.m.
CVE-2023-25193
2023-02-0420:15:08
Alpine Linux Development Team
security.alpinelinux.org
53
harfbuzz
o(n^2) growth
cve-2023-25193
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.003
Percentile
68.2%
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.17-main | noarch | harfbuzz | = 5.3.1-r1 | UNKNOWN |
| Alpine | 3.16-main | noarch | harfbuzz | = 4.3.0-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | harfbuzz | = 3.0.0-r2 | UNKNOWN |
| Alpine | 3.14-main | noarch | harfbuzz | = 2.8.1-r0 | UNKNOWN |
| Alpine | edge-community | noarch | openjdk11 | < 11.0.20_p8-r0 | UNKNOWN |
| Alpine | edge-community | noarch | openjdk17 | < 17.0.8_p7-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | openjdk11 | < 11.0.20_p8-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | openjdk17 | < 17.0.8_p7-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | openjdk11 | < 11.0.20_p8-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | openjdk17 | < 17.0.8_p7-r0 | UNKNOWN |
Related
cve
cve
CVE-2023-25193
2023-02-04 20:15:08
ubuntucve
ubuntucve
CVE-2023-25193
2023-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: harfbuzz-7.0.1-2.fc38
2023-03-14 03:31:51
[SECURITY] Fedora 38 Update: cairo-1.17.8-2.fc38
2023-03-14 03:31:48
[SECURITY] Fedora 38 Update: freetype-2.13.0-2.fc38
2023-03-14 03:31:50
nessus
nessus
EulerOS 2.0 SP9 : harfbuzz (EulerOS-SA-2023-1846)
2023-05-10 00:00:00
EulerOS 2.0 SP11 : harfbuzz (EulerOS-SA-2023-2270)
2023-07-04 00:00:00
RHEL 7 : harfbuzz (Unpatched Vulnerability)
2024-05-11 00:00:00
openvas
openvas
Fedora: Security Advisory for freetype (FEDORA-2023-a48406ecd2)
2023-03-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1821-1)
2023-05-05 00:00:00
Huawei EulerOS: Security Advisory for harfbuzz (EulerOS-SA-2023-1871)
2023-05-10 00:00:00
osv
osv
Moderate: harfbuzz security update
2024-04-30 00:00:00
harfbuzz-devel-6.0.0-2.1 on GA media
2024-06-15 00:00:00
Moderate: harfbuzz security update
2024-05-22 00:00:00
cvelist
cvelist
CVE-2023-25193
2023-02-04 00:00:00
f5
f5
K000135674 : HarfBuzz vulnerability CVE-2023-25193
2023-07-31 00:00:00
redos
redos
ROS-20240329-19
2024-03-29 00:00:00
oraclelinux
oraclelinux
harfbuzz security update
2024-05-23 00:00:00
harfbuzz security update
2024-05-02 00:00:00
java-11-openjdk security and bug fix update
2023-07-21 00:00:00
nvd
nvd
CVE-2023-25193
2023-02-04 20:15:08
amazon
amazon
Medium: harfbuzz
2024-07-03 20:05:00
Medium: java-11-amazon-corretto
2023-07-17 17:39:00
Medium: java-17-amazon-corretto
2023-07-17 17:39:00
cbl_mariner
cbl_mariner
CVE-2023-25193 affecting package mozjs60 60.9.0-13
2024-10-01 09:12:07
CVE-2023-25193 affecting package qt5-qtbase 5.12.11-13
2024-10-01 09:12:11
CVE-2023-25193 affecting package harfbuzz 2.6.4-4
2023-03-16 03:40:02
debiancve
debiancve
CVE-2023-25193
2023-02-04 20:15:08
prion
prion
Code injection
2023-02-04 20:15:00
almalinux
almalinux
Moderate: harfbuzz security update
2024-04-30 00:00:00
Moderate: harfbuzz security update
2024-05-22 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
redhat
redhat
(RHSA-2024:2980) Moderate: harfbuzz security update
2024-05-22 06:35:15
(RHSA-2024:2410) Moderate: harfbuzz security update
2024-04-30 06:15:38
(RHSA-2023:4163) Moderate: java-11-openjdk security and bug fix update
2023-07-19 16:37:24
redhatcve
redhatcve
CVE-2023-25193
2023-02-06 04:26:12
veracode
veracode
Denial Of Service (DoS)
2023-02-09 17:06:41
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0339
2023-02-23 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0538
2023-02-26 00:00:00
ibm
ibm
ubuntu
ubuntu
OpenJDK 20 vulnerabilities
2023-08-03 00:00:00
OpenJDK regression
2023-08-30 00:00:00
OpenJDK vulnerabilities
2023-08-01 00:00:00
gentoo
gentoo
HarfBuzz: Denial of Service
2024-07-10 00:00:00
kaspersky
kaspersky
KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-07-18 00:00:00
mageia
mageia
Updated java packages fix security vulnerabilities
2023-09-30 22:15:40
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.003
Percentile
68.2%
Related for ALPINE:CVE-2023-25193