Security Bulletin: Order Management is subject to various OS vulnerabilities which could have allowed an attacker various entry points into the application.

Vulnerability Details

Basic Information

Title Security Bulletin: Order Management is subject to various OS vulnerabilities which could have allowed an attacker various entry points into the application.
Type ibm
Published 2025-04-29T02:33:46
Last Seen 2025-04-29T11:05:59
CVSS Score 9.8 (CRITICAL)

CVSS v3 Details

Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

CVE Information

CVE IDs CVE-2018-18700, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2020-19724, CVE-2020-19726, CVE-2020-21490, CVE-2020-28362, CVE-2020-35342, CVE-2021-32256, CVE-2021-46174, CVE-2022-2182, CVE-2022-2923, CVE-2022-35205, CVE-2022-35206, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-4285, CVE-2022-44840, CVE-2022-45703, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2022-47673, CVE-2022-47695, CVE-2022-47696, CVE-2022-48063, CVE-2022-48064, CVE-2022-48065, CVE-2022-48468, CVE-2023-2222, CVE-2023-22745, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-25173, CVE-2023-25809, CVE-2023-27043, CVE-2023-27561, CVE-2023-28322, CVE-2023-28642, CVE-2023-29400, CVE-2023-29406, CVE-2023-29409, CVE-2023-29491, CVE-2023-30630, CVE-2023-3446, CVE-2023-3817, CVE-2023-39129, CVE-2023-39318, CVE-2023-39319, CVE-2023-39321, CVE-2023-4016, CVE-2023-40217, CVE-2023-4039, CVE-2023-41560, CVE-2023-4527, CVE-2023-4752, CVE-2023-4781, CVE-2023-4806, CVE-2023-4813
CWE
Bulletin Family software

Description

## Summary

Order Management has updated the container OS version and remediated the vulnerabilities that were fixable as of code freeze. This bulletin identifies the steps to take to address the vulnerabilities by updating to the latest OS version.

## Vulnerability Details

**CVEID:**CVE-2022-2923
**DESCRIPTION:** Vim is vulnerable to a denial of service, caused by a NULL pointer dereference in the sug_filltree function in vim/src/spellfile.c:5600. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-476: NULL Pointer Dereference
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.6
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)

**CVEID:**CVE-2023-4813
**DESCRIPTION:** glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the gaih_inet function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-416: Use After Free
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-4039
**DESCRIPTION:** GNU GCC could allow a remote attacker to bypass security restrictions, caused by the -fstack-protector feature in GCC-based toolchains failing to detect overflows of dynamically sized local variables on AArch64 targets. By sending a specially crafted request, an attacker could exploit this vulnerability to change program flow control in the application.
**CWE:**CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2023-4527
**DESCRIPTION:** glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By sending a DNS response over TCP larger than 2048 bytes, a remote attacker could overflow a buffer, allowing an attacker to obtain sensitive information or cause a denial of service.
**CWE:**CWE-121: Stack-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)

**CVEID:**CVE-2022-44840
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow vulnerability in function find_section_in_set in file readelf.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-40217
**DESCRIPTION:** Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module. When the socket is closed before the TLS handshake is complete, the data is treated as if it had been encrypted by TLS. An attacker could exploit this vulnerability to bypass the TLS handshake and inject a malicious client certificate into the connection and gain access to the server’s resources without being authenticated.
**CWE:**CWE-295: Improper Certificate Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.4
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**CVE-2020-19185
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a heap-based buffer over-read in the one_one_mapping function in progs/dump_entry.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-19190
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-2182
**DESCRIPTION:** Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the utf_ptr2char function in mbyte.c:1794. By opening a specially-crafted file, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-47010
**DESCRIPTION:** Binutils is vulnerable to a denial of service, caused by a memory leak in function pr_function_type in prdbg.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-3446
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-2222
**DESCRIPTION:**
**CVSS Source:** IBM X-Force
**CVSS Base score:** 0
**CVSS Vector:**

**CVEID:**CVE-2023-3817
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-4806
**DESCRIPTION:** GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the getaddrinfo() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
**CWE:**CWE-416: Use After Free
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-48063
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function load_separate_debug_files at dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-28322
**DESCRIPTION:** cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. By sending a specially crafted request, an attacker could exploit this vulnerability to cause the application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
**CWE:**CWE-440: Expected Behavior Violation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2023-4016
**DESCRIPTION:** procps-ng procps is vulnerable to a denial of service, caused by a heap based buffer overflow when running the "ps" utility. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2020-19188
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a stack-based buffer over-write in the fmt_entry function in progs/dump_entry.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-121: Stack-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-21490
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a memory leak at microblaze-dis.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-35342
**DESCRIPTION:** GNU Binutils could allow a remote attacker to obtain sensitive information, caused by an uninitialized-heap flaw in the tic4x_print_cond function in tic4x-dis.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
**CWE:**CWE-665: Improper Initialization
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2020-19186
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a global buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-19724
**DESCRIPTION:** GNU nm is vulnerable to a denial of service, caused by a memory consumption flaw in the get_data function in binutils/nm.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-401: Missing Release of Memory after Effective Lifetime
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-19187
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a heap-based buffer over-read in the fmt_entry function in progs/dump_entry.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-30630
**DESCRIPTION:** Dmidecode could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the --dump-bin option. By sending a specially crafted request, an attacker could exploit this vulnerability to overwrite a local file.
**CWE:**CWE-287: Improper Authentication
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.1
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

**CVEID:**CVE-2023-27043
**DESCRIPTION:** Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parseaddr() and email.utils.getaddresses() functions. By sending a specially crafted e-mail address containing a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2022-47011
**DESCRIPTION:** Binutils is vulnerable to a denial of service, caused by a memory leak in function parse_stab_struct_fields in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-47673
**DESCRIPTION:** Binutils addr2line is vulnerable to a denial of service, caused by multiple out of bound reads in function parse_module. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service or other unspecified impacts.
**CWE:**CWE-125: Out-of-bounds Read
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-45703
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow vulnerability in function display_debug_section in file readelf.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-4752
**DESCRIPTION:** Vim could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap-based use-after-free in function ins_compl_get_exp. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
**CWE:**CWE-416: Use After Free
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-39129
**DESCRIPTION:** GNU gdb is vulnerable to a denial of service, caused by a heap use-after-free flaw in the add_pe_exported_sym function in /gdb/coff-pe-read.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
**CWE:**CWE-416: Use After Free
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-19189
**DESCRIPTION:** GNU ncurses is vulnerable to a denial of service, caused by a heap-based buffer over-read in the postprocess_terminfo function in tinfo/parse_entry.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-46174
**DESCRIPTION:** Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the bfd_getl32 function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-35205
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a reachable assertion failure in function display_debug_names. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-617: Reachable Assertion
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-47007
**DESCRIPTION:** Binutils is vulnerable to a denial of service, caused by a memory leak in function stab_demangle_v3_arg in stabs.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-47696
**DESCRIPTION:** Binutils objdump is vulnerable to a denial of service, caused by a flaw in function compare_symbols. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service or other unspecified impacts.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-48065
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a memory leak vulnerability in the function find_abstract_instance in dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-41560
**DESCRIPTION:** Tenda AC9 is vulnerable to a denial of service, caused by a stack-based buffer overflow in the /goform/SetFirewallCfg endpoint. By sending a specially crafted data package using the firewallEn parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-121: Stack-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2021-32256
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a stack-overflow issue in demangle_type in rust-demangle.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-121: Stack-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-19726
**DESCRIPTION:** GNU Binutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 8.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-29491
**DESCRIPTION:** ncurses is vulnerable to a denial of service, caused by a memory corruption flaw when used by a setuid application. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-47008
**DESCRIPTION:** Binutils is vulnerable to a denial of service, caused by a memory leak in function make_tempdir, and make_tempname in bucomm.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-47695
**DESCRIPTION:** Binutils objdump is vulnerable to a denial of service, caused by a flaw in function bfd_mach_o_get_synthetic_symtab in mach-o.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service or other unspecified impacts.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-48064
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by an excessive memory consumption vulnerability in the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-4781
**DESCRIPTION:** Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking in the vim_regsub_both function. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process.
**CWE:**CWE-122: Heap-based Buffer Overflow
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-35206
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in function read_and_display_attr_value in file dwarf.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-476: NULL Pointer Dereference
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-22745
**DESCRIPTION:** tpm2-tss is vulnerable to a buffer overflow, caused by improper bounds checking by the Tss2_RC_SetHandler and Tss2_RC_Decode function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
**CWE:**CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.4
**CVSS Vector:**(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-39318
**DESCRIPTION:** Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.1
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:**CVE-2023-24540
**DESCRIPTION:** Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing whitespace characters outside of the character set “\t\n\f\r\u0020\u2028\u2029”, which when viewed, would execute in the victim’s Web browser within the security context of the hosting site.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-41725
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw when performing multipart form parsing with mime/multipart.Reader.ReadForm. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to consume largely unlimited amounts of memory and disk files, resulting in a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24537
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-39319
**DESCRIPTION:** Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.1
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:**CVE-2023-29400
**DESCRIPTION:** Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into the templates, which when parsed, would execute in the victim’s Web browser within the security context of the hosting site.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:**CVE-2022-48468
**DESCRIPTION:** protobuf-c is vulnerable to a denial of service, caused by an integer overflow in pref_len. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-190: Integer Overflow or Wraparound
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.2
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2018-18700
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a stack consumption in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
**CWE:**CWE-399: Resource Management Errors
**CVSS Source:** IBM X-Force
**CVSS Base score:** 3.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2023-29409
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker could exploit this vulnerability to cause a client or server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.7
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-41724
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24534
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by memory exhaustion in the common function used for HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24536
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw during multipart form parsing. By sending a specially crafted input, a remote attacker could exploit this vulnerability to consume large amounts of CPU and memory, resulting in a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-29406
**DESCRIPTION:** Golang Go is vulnerable to HTTP header injection, caused by improper contents validation of Host header by the HTTP/1 client. By persuading a victim to visit a specially crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:**CVE-2022-41723
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, resulting in a denial of service condition.
**CWE:**CWE-400: Uncontrolled Resource Consumption
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-24539
**DESCRIPTION:** Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a ‘/’ character, which when viewed, would execute in the victim’s Web browser within the security context of the hosting site.
**CWE:**CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.3
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2023-27561
**DESCRIPTION:** Open Container Initiative runc could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in libcontainer/rootfs_linux.go. By supplying a specially crafted container configuration, a local authenticated attacker could exploit this vulnerability to gain elevated privileges when running custom images.
**CWE:**CWE-264: Permissions, Privileges, and Access Controls
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-28642
**DESCRIPTION:** runc could allow a local attacker to bypass security restrictions, caused by a symbolic link following vulnerability. If /proc inside a container's root filesystem is a symbolic link, under a specific mount configuration runc applies its AppArmor and SELinux setup to the wrong location, and an attacker could exploit this to bypass those protections.
**CWE:**CWE-61: UNIX Symbolic Link (Symlink) Following
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.1
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
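An image-side check for the shape this entry describes is to inspect an unpacked rootfs for pseudo-filesystem mount points that are symbolic links rather than directories. The following is an added example for this bulletin, not runc's own logic or a tool IBM ships; the `expectedDirs` list, the `Finding` type and `checkRootfs` are assumptions made here. It reads the rootfs with `Lstat` so that the very link it is looking for is not followed.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Mount points a runtime expects to be real directories in an image rootfs.
// Assumption: this set was chosen for the example, it is not from the bulletin.
var expectedDirs = []string{"proc", "sys", "dev"}

// Finding is one unexpected entry in a rootfs.
type Finding struct {
	Path   string
	Reason string
}

// checkRootfs reports each expected mount point that exists but is a symlink
// or otherwise not a directory. A missing entry is not flagged: the runtime
// creates it. Lstat is used so a symlinked /proc is seen as a link, not as
// whatever it points to.
func checkRootfs(rootfs string) ([]Finding, error) {
	var findings []Finding
	for _, name := range expectedDirs {
		p := filepath.Join(rootfs, name)
		fi, err := os.Lstat(p)
		if os.IsNotExist(err) {
			continue
		}
		if err != nil {
			return nil, err
		}
		switch {
		case fi.Mode()&os.ModeSymlink != 0:
			target, _ := os.Readlink(p)
			findings = append(findings, Finding{Path: p, Reason: "symlink -> " + target})
		case !fi.IsDir():
			findings = append(findings, Finding{Path: p, Reason: "not a directory"})
		}
	}
	return findings, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: rootfscheck <unpacked-image-rootfs>")
		os.Exit(2)
	}
	findings, err := checkRootfs(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Path, f.Reason)
	}
	if len(findings) > 0 {
		os.Exit(1)
	}
}
```

Run it against the extracted layers of an image before admitting it to a registry; a non-zero exit marks a rootfs whose /proc, /sys or /dev is not a plain directory.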

**CVEID:**CVE-2023-25809
**DESCRIPTION:** runc is vulnerable to a denial of service, caused by improper access control on the /sys/fs/cgroup mount in rootless containers, which can be left writable when the cgroup namespace is not unshared. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-284: Improper Access Control
**CVSS Source:** IBM X-Force
**CVSS Base score:** 2.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L)

**CVEID:**CVE-2023-25173
**DESCRIPTION:** containerd could allow a local authenticated attacker to bypass security restrictions, caused by supplementary groups not being set up properly inside a container. An attacker with direct access to a container who can manipulate their supplementary group access could use it to bypass primary group restrictions and, in some cases, gain access to sensitive information or execute code.
**CWE:**CWE-863: Incorrect Authorization
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2023-24538
**DESCRIPTION:** Go's html/template package could allow a remote attacker to inject arbitrary JavaScript into template output, caused by the failure to properly consider backticks (`) as JavaScript string delimiters: actions placed inside a JS template literal were not escaped as expected. By supplying specially crafted input to a template that interpolates into such a literal, an attacker could exploit this vulnerability to execute arbitrary script in the context of the generated page.
**CWE:**CWE-94: Improper Control of Generation of Code (‘Code Injection’)
**CVSS Source:** IBM X-Force
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
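Both html/template entries in this bulletin (CVE-2023-24539 above and this one) come down to the package choosing the wrong escaper for the context an action sits in. The following is an added example for this bulletin, not Go's or IBM's code: it renders the same hostile value through text/template (no escaping, for contrast) and through html/template in a double-quoted JS string, and then probes the JS template-literal context this entry concerns. The template strings and the hostile inputs are constructed here; `breaksOutOfString` and `backtickLiteralHandled` are helper names chosen for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	texttemplate "text/template"
)

// Attacker-controlled values, constructed for this example.
const (
	hostileQuoted   = `"; alert(document.cookie); //`
	hostileBacktick = "`; alert(document.cookie); //"
)

// A template that interpolates into a double-quoted JS string.
const jsStringTmpl = `<script>var user = "{{.}}";</script>`

// A template that interpolates into a JS template literal. This is the
// context CVE-2023-24538 concerns: before the fix html/template did not
// treat the backtick as a string delimiter, so {{.}} was not escaped for it.
const jsLiteralTmpl = "<script>var user = `{{.}}`;</script>"

// renderText uses text/template, which applies no escaping at all. It is the
// "before" shape for comparison, not a Go bug.
func renderText(tmpl, v string) (string, error) {
	t, err := texttemplate.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderHTML uses html/template, which picks an escaper from the HTML, JS or
// CSS context the action sits in; escaping happens on the first Execute.
func renderHTML(tmpl, v string) (string, error) {
	t, err := template.New("t").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, v); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// breaksOutOfString reports whether the rendered page still contains the
// closing delimiter followed by the injected call, i.e. the value escaped
// the string literal it was placed in.
func breaksOutOfString(rendered, delim string) bool {
	return strings.Contains(rendered, delim+"; alert(")
}

// backtickLiteralHandled reports whether the toolchain that built this binary
// neutralises an action inside a JS template literal. A patched html/template
// either refuses to execute the template (the original fix) or escapes the
// backtick (later releases); an unpatched one emits the value verbatim.
func backtickLiteralHandled() bool {
	out, err := renderHTML(jsLiteralTmpl, hostileBacktick)
	if err != nil {
		return true
	}
	return !breaksOutOfString(out, "`")
}

func main() {
	text, _ := renderText(jsStringTmpl, hostileQuoted)
	html, _ := renderHTML(jsStringTmpl, hostileQuoted)
	fmt.Println("text/template:", text)
	fmt.Println("html/template:", html)
	fmt.Println("JS template literal handled by this toolchain:", backtickLiteralHandled())
}
```

Compiling and running this with the toolchain used to build an Order Management component gives a quick yes/no on whether that toolchain still emits actions in JS template literals unescaped.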

**CVEID:**CVE-2023-39321
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw when processing a partial post-handshake message in QUICConn.HandleData in the crypto/tls package: an incomplete message can cause a panic. By sending a specially crafted post-handshake message for a QUIC connection, a remote attacker could exploit this vulnerability to cause a denial of service condition.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2020-28362
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by improper input validation in the math/big.Int methods. By sending specially crafted inputs, a remote attacker could exploit this vulnerability to cause the application to crash.
**CWE:**CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.5
**CVSS Vector:**(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-4285
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in _bfd_elf_get_symbol_version_string, resulting in a segmentation fault when parsing ELF files. By persuading a victim to open a specially-crafted ELF file containing corrupt symbol version information, a remote attacker could exploit this vulnerability to cause a denial of service.
**CWE:**CWE-754: Improper Check for Unusual or Exceptional Conditions
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:**(CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

## Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling Order Management | 10.0 |

## Remediation/Fixes

Release notes and fixes: https://www.ibm.com/docs/en/order-management?topic=updating-resolved-issues

Container download: https://www.ibm.com/docs/en/order-management-sw/10.0?topic=operator-obtaining-container-images-from-entitled-registry
On-Prem: https://www.ibm.com/docs/en/order-management-sw/10.0?topic=installing-applying-fix-packs

## Workarounds and Mitigations

None

## Impact Assessment

Base Score 9.8
Severity CRITICAL
