漏洞修补列表
软件名称 |
软件版本 |
漏洞编号 |
CVE编号 |
实际CVSS得分 |
漏洞描述 |
解决版本 |
|---|---|---|---|---|---|---|
musl |
1.2.0 |
HWPSIRT-2020-34027 |
CVE-2020-28928 |
5.5 |
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
HWPSIRT-2021-89770 |
CVE-2021-3711 |
9.8 |
A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
HWPSIRT-2021-85906 |
CVE-2021-3712 |
7.4 |
If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
HWPSIRT-2022-00229 |
CVE-2021-4160 |
6.9 |
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). |
Kunpeng BoostKit 21.0.0.SPC1 |
OpenSSL |
1.1.1k |
HWPSIRT-2022-46709 |
CVE-2022-0778 |
7.5 |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). |
Kunpeng BoostKit 21.0.0.SPC1 |
软件名称 |
软件版本 |
漏洞编号 |
CVE编号 |
CVSS |
漏洞描述 |
解决版本 |
|---|---|---|---|---|---|---|
iTrustee |
6.0.0 |
HWPSIRT-2022-87612 |
CVE-2022-38994 |
4.4 |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. |
Kunpeng BoostKit 21.0.0.SPC2 |
iTrustee |
6.0.0 |
HWPSIRT-2022-98936 |
CVE-2022-38995 |
4.4 |
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
Kunpeng BoostKit 21.0.0.SPC2 |