CVE Status

From Yocto Project
Revision as of 21:34, 24 August 2023 by RossBurton (talk | contribs)
Jump to navigationJump to search

This is a list of CVEs which are currently being reported as open, and the current state.

CVE-2022-3219 (gnupg)

Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.

CVE-2022-33065 (libsndfile1)

Integer overflow, still open upstream.

CVE-2022-46456 (nasm)

Buffer overflow, still open upstream.

CVE-2023-0687 (glibc)

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

CVE-2023-37769 (pixman)

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.

CVE-2023-1386 CVE-2023-3019 CVE-2023-3180 CVE-2023-3354 CVE-2023-40360 CVE-2023-4135 (qemu)

Retrieved from "https://wiki.yoctoproject.org/wiki/index.php?title=CVE_Status&oldid=85886"