Pexip security bulletins
The following security bulletins are published by Pexip for issues affecting Pexip Infinity and the Pexip Connect apps.
Please contact your Pexip authorized support representative for more information about these issues. This list covers issues addressed in v28.0 and later. For issues addressed in v27.x or earlier, see our documentation for previous releases.
More information specific to each vulnerability is available from the NIST National Vulnerability Database: http://nvd.nist.gov/.
Pexip Infinity
Each bulletin addresses a number of vulnerabilities in the operating system software used by Pexip Infinity. The bulletins include an assessment of the issues, the impact to the Pexip Infinity platform, and resolution details.
Bulletin | Description | Risk | Updated | Impacted versions | Addressed in version |
---|---|---|---|---|---|
CVE-2022-44722 | Insufficient input validation in the signaling implementation(s) allows a malicious attacker to trigger a software abort resulting in a denial of service. | High | December 2022 | 27.0-30.0 | 30.1 |
CVE-2022-21712 | The RedirectAgent and BrowserLikeRedirectAgent HTTP client implementations in the Twisted event-driven networking engine expose cookies and authorization headers when following cross-origin redirects. | High | October 2022 | 17.0-29.x | 30.0 |
CVE-2022-31676 | open-vm-tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | High | October 2022 | 21.0-29.x | 30.0 |
CVE-2022-1043 | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | High | October 2022 | 27.0-29.x | 30.0 |
CVE-2021-30560 | Use after free in xsltApplyTemplates prior to libxslt 1.1.35 allows attackers to potentially exploit heap corruption via crafted XML data. | High | October 2022 | All before 30 | 30.0 |
CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | High | October 2022 | All before 30 | 30.0 |
CVE-2022-42959 | Insufficient input validation in the signalling implementation(s) allows a malicious attacker to trigger a software abort resulting in a denial of service. | High | October 2022 | All before 30 | 30.0 |
CVE-2022-42730 | Insufficient input validation allows a malicious attacker to trigger a software abort resulting in a denial of service. | High | October 2022 | 27.0-29.x | 30.0 |
CVE-2022-41872 | Unauthenticated denial of service. | High | October 2022 | All before 30 | 30.0 |
CVE-2022-40618 | Insufficient input validation in the in-call setup implementation allows an unauthenticated remote attacker to cause a software abort leading to a temporary loss of service. | High | October 2022 | 27.0-29.1 | 29.3 and 30.0 |
Multiple | Resolved minor issues: CVE-2021-3800, CVE-2021-22924, CVE-2021-20223, CVE-2021-45868, CVE-2022-0494, CVE-2022-0854, CVE-2022-1016, CVE-2022-20153, CVE-2022-2078, CVE-2022-21499, CVE-2022-21716, CVE-2022-24801, CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810, CVE-2022-25309, CVE-2022-25310, CVE-2022-27404, CVE-27405, CVE-27406, CVE-2022-27776, CVE-2022-27782, CVE-2022-28356, CVE-2022-28614, CVE-2022-32206, CVE-2022-32208, CVE-2022-34265, CVE-2020-35525, CVE-2020-35527, CVE-2022-34903, CVE-2022-37434, CVE-2022-40674 | | October 2022 | | 30.0 |
CVE-2021-0707 | In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel. | High | July 2022 | All before 29 | 29.0 |
CVE-2021-39698 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel. | High | July 2022 | All before 29 | 29.0 |
CVE-2022-1011 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | High | July 2022 | All before 29 | 29.0 |
CVE-2022-1729 | A use-after-free flaw was found in the Linux kernel's performance events subsystem allowing a local user to crash the system. | High | July 2022 | 13-28.x | 29.0 |
CVE-2022-1786 | A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | High | July 2022 | 26-28.x | 29.0 |
CVE-2022-27666 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | High | July 2022 | 21-28.x | 29.0 |
CVE-2022-29581 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | High | July 2022 | 21-28.x | 29.0 |
CVE-2022-29582 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | High | July 2022 | 26-28.x | 29.0 |
CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | High | July 2022 | 13-28.x | 29.0 |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | High | July 2022 | All before 29 | 29.0 |
CVE-2022-36434 | Insufficient input validation in the Pexip Client API implementation allows an unauthenticated remote attacker to trigger a software abort leading to a denial of service. | High | July 2022 | 28.x | 29.0 |
CVE-2022-34490 | Insufficient input validation in the RTP implementation allows a malicious attacker to trigger a software abort resulting in a denial of service. | High | July 2022 | 9.0 - 28.2 | 29.0 |
CVE-2022-32956 | Improper access control in the Infinity Management API allows a malicious attacker to escalate privileges when certificate based authentication is enabled. | High | July 2022 | 5.5 - 28.2 | 29.0 |
Multiple | Resolved minor issues: CVE-2021-45452, CVE-2021-45868, CVE-2022-0494, CVE-2022-0850, CVE-2022-0854, CVE-2022-1012, CVE-2022-1016, CVE-2022-1055, CVE-2022-1271, CVE-2022-1353, CVE-2022-1664, CVE-2022-1972, CVE-2022-1998, CVE-2022-2068, CVE-2022-2078, CVE-2022-20153, CVE-2022-21499, CVE-2022-28614, CVE-2022-29824, CVE-2022-31813, CVE-2022-32250, CVE-2022-1292 | | July 2022 | | 29.0 |
CVE-2022-32263 | Insufficient input validation in the G.719 codec implementation allows a malicious attacker to trigger a software abort resulting in a denial of service. | High | June 2022 | 13.0 - 28.0 | 28.1 |
CVE-2022-29286 | Resource mismanagement in the registrar allows an unauthenticated remote attacker to cause the system to consume excess resources and eventually terminate, resulting in a denial of service. | High | April 2022 | 27.0, 27.1, 27.2, 27.3 | 28.0 |
CVE-2022-27936 | Insufficient input validation in the H.323 protocol implementation allows an unauthenticated remote attacker to trigger a software abort resulting in a denial of service. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-25315 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-25314 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-25236 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-25235 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-23990 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-23852 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22827 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22826 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22825 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22824 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22823 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-22822 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | Critical | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-0847 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-46143 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-45960 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-45485 | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-22600 | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-4154 | A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | High | April 2022 | 1 - 27.3 | 28.0 |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | High | April 2022 | 1 - 27.3 | 28.0 |
Multiple | Resolved minor issues: CVE-2019-15165, CVE-2019-20807, CVE-2021-3770, CVE-2021-3778, CVE-2021-3796, CVE-2021-3997, CVE-2021-4001, CVE-2021-4203, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819, CVE-2021-45402, CVE-2021-45486, CVE-2022-0286, CVE-2022-0617, CVE-2022-0644, CVE-2022-22816, CVE-2022-25313, CVE-2022-25636 | | April 2022 | | 28.0 |
CVE-2022-44722: Insufficient input validation in the signaling implementation(s) allows a malicious attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 27.0-30.0
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None.
Resolution: Upgrade to Pexip Infinity 30.1
CVE-2022-21712: The RedirectAgent and BrowserLikeRedirectAgent HTTP client implementations in the Twisted event-driven networking engine expose cookies and authorization headers when following cross-origin redirects
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 17-29.x
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Mitigation: This functionality is only used when interfacing with trusted third party services, none of which currently use cross-origin redirects, therefore no exploit path currently exists.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-31676: open-vm-tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 21-29.x
CVSS3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-1043: A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 27-29.x
CVSS3.1 base score: 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2021-30560: Use after free in xsltApplyTemplates prior to libxslt 1.1.35 allows attackers to potentially exploit heap corruption via crafted XML data
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: all before v30
CVSS3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: Infinity versions before 27 do not expose this component to untrusted input and are thus not directly impacted by this issue (although it is still present in the versions of the component contained in pre-27 Infinity releases). Infinity versions from 27 up to 30 do process untrusted input using the affected component as part of the Single Sign-On functionality. Administrators should ensure that only trusted Identity Providers are configured.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2019-5815: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: all before v30
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: No exploit paths exist in Infinity versions before 27 as this component is not exposed to untrusted input. Exploits in Infinity versions 27 through 29 require a malicious Identity Provider to be used for the Single Sign-On participant authentication functionality.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-42959: Insufficient input validation in the signalling implementation(s) allows a malicious attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 1-29.x
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-42730: Insufficient input validation allows a malicious attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 27.0-29.x
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: Configure a global maximum call bandwidth.
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-41872: Unauthenticated denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: all before v30
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 30.0
CVE-2022-40618: Insufficient input validation in the in-call setup implementation allows an unauthenticated remote attacker to cause a software abort leading to a temporary loss of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 27.0 - 29.1
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 29.3 or Pexip Infinity 30.0
CVE-2021-0707: In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-155756045. References: Upstream kernel
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 29
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2021-39698: In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 29
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-1011: A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 29
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-1729: A use-after-free flaw was found in the Linux kernel's performance events subsystem allowing a local user to crash the system.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 13-28.x
CVSS 3.1 base score: 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-1786: A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 26-28.x
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-27666: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 21-28.x
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-29581: Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 21-28.x
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-29582: In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 26-28.x
CVSS 3.1 base score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-30594: The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 13-28.x
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 29
CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 29
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: This issue is most reliably triggered by use of static Huffman coding (Z_FIXED), which is not used by Pexip Infinity, but can also occur when using dynamic Huffman coding (Z_DEFAULT_STRATEGY) with a memLevel of 1. All use of zlib compression within Pexip Infinity uses dynamic Huffman coding (Z_DEFAULT_STRATEGY) with a memLevel of at least 8.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-36434: Insufficient input validation in the Pexip Client API implementation allows an unauthenticated remote attacker to trigger a software abort leading to a denial of service.
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 28.x
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: Disable support for Pexip Infinity Connect clients and Client API in Pexip Infinity Global Settings.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-34490: Insufficient input validation in the RTP implementation allows a malicious attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 9.0 - 28.1
CVSS3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-32956: Improper access control in the Infinity Management API allows a malicious attacker to escalate privileges when certificate based authentication is enabled
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 5.5 - 28.1
CVSS 3.1 base score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Mitigation: Disable certificate based authentication.
Resolution: Upgrade to Pexip Infinity 29
CVE-2022-32263: Insufficient input validation in the G.719 codec implementation allows a malicious attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 13.0 - 28.0
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: Disable the G.719 codec implementation.
Resolution: Upgrade to Pexip Infinity 28.1
CVE-2022-29286: Resource mismanagement in the registrar allows an unauthenticated remote attacker to cause the system to consume excess resources and eventually terminate, resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: 27.0, 27.1, 27.2, 27.3
CVSS 3.1 base score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Mitigation: Where possible, disable the registrar.
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-27936: Insufficient input validation in the H.323 protocol implementation allows an unauthenticated remote attacker to trigger a software abort resulting in a denial of service
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: Where possible, disable the H.323 protocol implementation.
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow
Impact to Pexip Infinity: Critical
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-0847: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 28
CVE-2022-0492: A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-45485: In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-22600: A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 28
CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Mitigation: Exploitation requires an attacker to be able to run arbitrary code on the system by either achieving remote code execution via some other vulnerability or having administrative access to the operating system.
Resolution: Upgrade to Pexip Infinity 28
CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches
Impact to Pexip Infinity: High
Affected versions of Pexip Infinity: All before 28
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity 28
Connect app
Each bulletin addresses a number of vulnerabilities in the software used by the Connect apps. The bulletins include an assessment of the issues, the impact on the Connect app, and resolution details.
Bulletin | Description | Risk | Updated | Addressed in version |
---|---|---|---|---|
CVE-2021-29655 | Missing authenticity checks in application provisioning allow an attacker to cause the application to run untrusted code. | High | June 2021 | 1.8.0 |
CVE-2021-29656 | Missing checks in certificate allow list matching allow a remote attacker to compromise a TLS connection, extracting data and potentially causing remote code execution. | High | June 2021 | 1.8.0 |
CVE-2021-29655: Missing authenticity checks in application provisioning allow an attacker to cause the application to run untrusted code.
Impact to Connect app: High
Affected versions of Connect app: All before 1.8.0
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Connect app 1.8.0
Credit: This issue was responsibly disclosed by the UK's National Cyber Security Centre (NCSC)
CVE-2021-29656: Missing checks in certificate allow list matching allow a remote attacker to compromise a TLS connection, extracting data and potentially causing remote code execution.
Impact to Connect app: High
Affected versions of Connect app: All before 1.8.0
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Mitigation: None
Resolution: Upgrade to Pexip Infinity Connect 1.8.0
Credit: This issue was responsibly disclosed by the UK's National Cyber Security Centre (NCSC)