ROSA LABROSA-SA-2024-2476Advisory ROSA-SA-2024-2476
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
software: ldns 1.8.3
OS: ROSA-CHROME
package_evr_string: ldns-1.8.3-1
CVE-ID: CVE-2020-19861
BDU-ID: 2022-05917
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ldns_nsec3_salt_data function of the DNS LDNS library is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update ldns
CVE-ID: CVE-2020-19860
BDU-ID: 2022-05877
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ldns_rrr_new_frm_str_internal function of the DNS LDNS library is related to a read outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update ldns
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low