The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
openjpeg: Stack-buffer overflow in the pgxtoimage function (CVE-2017-17479)
openjpeg: heap-based buffer overflow in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27844)
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
(CVE-2016-10504)
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. (CVE-2016-10505)
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. (CVE-2016-10506)
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. (CVE-2016-10507)
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. (CVE-2017-12982)
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. (CVE-2017-14039)
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. (CVE-2017-14040)
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. (CVE-2017-14041)
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. (CVE-2017-14151)
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap- based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. (CVE-2017-14152)
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. (CVE-2018-16375)
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. (CVE-2018-16376)
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20845)
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). (CVE-2018-20846)
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. (CVE-2019-6988)
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27823)
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. (CVE-2020-27824)
There’s a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. (CVE-2020-27841)
There’s a flaw in openjpeg’s t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. (CVE-2020-27842)
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. (CVE-2020-27843)
There’s a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg’s conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. (CVE-2020-27845)
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that contains 1048576 files. (CVE-2021-29338)
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. (CVE-2021-3575)
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. (CVE-2022-1122)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory openjpeg. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196570);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/12");
script_cve_id(
"CVE-2016-10504",
"CVE-2016-10505",
"CVE-2016-10506",
"CVE-2016-10507",
"CVE-2017-12982",
"CVE-2017-14039",
"CVE-2017-14040",
"CVE-2017-14041",
"CVE-2017-14151",
"CVE-2017-14152",
"CVE-2017-17479",
"CVE-2018-16375",
"CVE-2018-16376",
"CVE-2018-20845",
"CVE-2018-20846",
"CVE-2018-20847",
"CVE-2019-6988",
"CVE-2020-15389",
"CVE-2020-27823",
"CVE-2020-27824",
"CVE-2020-27841",
"CVE-2020-27842",
"CVE-2020-27843",
"CVE-2020-27844",
"CVE-2020-27845",
"CVE-2021-3575",
"CVE-2021-29338",
"CVE-2022-1122"
);
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"RHEL 6 : openjpeg (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- openjpeg: Stack-buffer overflow in the pgxtoimage function (CVE-2017-17479)
- openjpeg: heap-based buffer overflow in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27844)
- Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0
allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
(CVE-2016-10504)
- NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function
in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG
before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k
files. (CVE-2016-10505)
- Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl
in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash)
via crafted j2k files. (CVE-2016-10506)
- Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0
allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash)
via a crafted bmp file. (CVE-2016-10507)
- The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a
zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in
the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in
opj_malloc.c. (CVE-2017-12982)
- A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in
OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of
service or possibly unspecified other impact. (CVE-2017-14039)
- An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the
tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other
impact. (CVE-2017-14040)
- A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG
2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or
possibly remote code execution. (CVE-2017-14041)
- An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in
OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of
service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in
lib/openjp2/t1.c) or possibly remote code execution. (CVE-2017-14151)
- A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG
2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-
based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in
lib/openjp2/j2k.c) or possibly remote code execution. (CVE-2017-14152)
- An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in
the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. (CVE-2018-16375)
- An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function
t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to
remote denial of service or possibly unspecified other impact. (CVE-2018-16376)
- Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in
openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application
crash). (CVE-2018-20845)
- Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl,
pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a
denial of service (application crash). (CVE-2018-20846)
- An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in
openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. (CVE-2018-20847)
- An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service
(attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from
opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. (CVE-2019-6988)
- jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a
mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free
may also be possible. This is related to calling opj_image_destroy twice. (CVE-2020-15389)
- A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset
input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to
confidentiality, integrity, as well as system availability. (CVE-2020-27823)
- A flaw was found in OpenJPEG's encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows
an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest
threat from this vulnerability is to system availability. (CVE-2020-27824)
- There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to
provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The
greatest impact from this flaw is to application availability. (CVE-2020-27841)
- There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide
crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of
this flaw is to application availability. (CVE-2020-27842)
- A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially
crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest
threat from this vulnerability is system availability. (CVE-2020-27843)
- There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to
provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds
read. The highest impact of this flaw is to application availability. (CVE-2020-27845)
- Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of
Service (DoS). This occurs when the attacker uses the command line option -ImgDir on a directory that
contains 1048576 files. (CVE-2021-29338)
- A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing
a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the
application compiled against openjpeg. (CVE-2021-3575)
- A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input
directory with a large number of files. When it fails to allocate a buffer to store the filenames of the
input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial
of service. (CVE-2022-1122)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27844");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-17479");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openjpeg2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'openjpeg', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'openjpeg'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openjpeg');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14152
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27844
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1122