13830 2023-10-18 20:24:44 +0300 [CVE 21] cryptacular 1.1.0 CVEs found 2023-10-27 20:10:20 +0300 1 1 2 ROSA-based products ROSA Fresh System (kernel, glibc, systemd, bash, PAM...) All All Linux RESOLVED FIXED CVE-2020-7226, Highest critical 2021.1 Fresh R12 1 y.tumanov bugs e.kosachev s.matveev v.potapov y.tumanov 2021.1 oldest_to_newest 69718 0 y.tumanov 2023-10-18 20:24:44 +0300 Please patch CVEs for package cryptacular version 1.1.0 INFO (CVEs are): cryptacular 1.1.0 cves found CVE-2020-7226 Desc: CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. Link: https://nvd.nist.gov/vuln/detail/CVE-2020-7226 Severity: HIGH 70046 1 v.potapov 2023-10-20 11:55:02 +0300 *** Bug 13698 has been marked as a duplicate of this bug. *** 70048 2 v.potapov 2023-10-20 11:55:11 +0300 *** Bug 13507 has been marked as a duplicate of this bug. *** 70442 3 s.matveev 2023-10-24 13:48:33 +0300 Затрагивает версию 1.2.3.,не для нас. 70580 4 y.tumanov 2023-10-27 20:10:20 +0300 secteam_verified