[automatic] Publish and update 80 advisories for 40 packages

advisories/published/2025/JLSEC-0000-mnstl07zg-bjibr.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl07zg-bjibr"
+modified = 2025-11-05T03:27:25.036Z
+upstream = ["CVE-2019-1387"]
+references = ["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:4356", "https://access.redhat.com/errata/RHSA-2020:0002", "https://access.redhat.com/errata/RHSA-2020:0124", "https://access.redhat.com/errata/RHSA-2020:0228", "https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/", "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", "https://security.gentoo.org/glsa/202003-30", "https://security.gentoo.org/glsa/202003-42", "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", "https://access.redhat.com/errata/RHSA-2019:4356", "https://access.redhat.com/errata/RHSA-2020:0002", "https://access.redhat.com/errata/RHSA-2020:0124", "https://access.redhat.com/errata/RHSA-2020:0228", "https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00009.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/", "https://lore.kernel.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/T/#u", "https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/", "https://security.gentoo.org/glsa/202003-30", "https://security.gentoo.org/glsa/202003-42"]
+
+[[affected]]
+pkg = "Git_jll"
+ranges = ["< 2.26.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2019-1387"
+imported = 2025-11-05T03:27:25.016Z
+modified = 2025-11-04T16:15:42.387Z
+published = 2019-12-18T21:15:13.820Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1387"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2019-1387"
+```
+
+# An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.1...
+
+An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
+

advisories/published/2025/JLSEC-0000-mnstl0bqt-10h52h.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0bqt-10h52h"
+modified = 2025-11-05T03:27:29.909Z
+upstream = ["CVE-2021-42260"]
+references = ["https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/", "https://sourceforge.net/p/tinyxml/bugs/141/", "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html", "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/", "https://lists.fedoraproject.org/archives/list/[email protected]/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/", "https://lists.fedoraproject.org/archives/list/[email protected]/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/", "https://sourceforge.net/p/tinyxml/bugs/141/"]
+
+[[affected]]
+pkg = "TinyXML_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2021-42260"
+imported = 2025-11-05T03:27:29.909Z
+modified = 2025-11-04T19:15:40.767Z
+published = 2021-10-11T20:15:07.433Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-42260"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-42260"
+```
+
+# TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the T...
+
+TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
+

advisories/published/2025/JLSEC-0000-mnstl0fuf-1wflg41.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0fuf-1wflg41"
+modified = 2025-11-05T03:27:35.223Z
+upstream = ["CVE-2021-3658"]
+references = ["https://bugzilla.redhat.com/show_bug.cgi?id=1984728", "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", "https://security.netapp.com/advisory/ntap-20220407-0002/", "https://bugzilla.redhat.com/show_bug.cgi?id=1984728", "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055", "https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055", "https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues/89", "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html", "https://security.netapp.com/advisory/ntap-20220407-0002/"]
+
+[[affected]]
+pkg = "BlueZ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2021-3658"
+imported = 2025-11-05T03:27:35.223Z
+modified = 2025-11-04T16:15:43.203Z
+published = 2022-03-02T23:15:08.787Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3658"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3658"
+```
+
+# bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down,...
+
+bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
+

advisories/published/2025/JLSEC-0000-mnstl0gh0-4tf9nz.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0gh0-4tf9nz"
+modified = 2025-11-05T03:27:36.036Z
+upstream = ["CVE-2022-0204"]
+references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2039807", "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://security.gentoo.org/glsa/202209-16", "https://bugzilla.redhat.com/show_bug.cgi?id=2039807", "https://github.com/bluez/bluez/commit/591c546c536b42bef696d027f64aa22434f8c3f0", "https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html", "https://security.gentoo.org/glsa/202209-16"]
+
+[[affected]]
+pkg = "BlueZ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2022-0204"
+imported = 2025-11-05T03:27:36.036Z
+modified = 2025-11-04T16:15:46.130Z
+published = 2022-03-10T17:44:55.230Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-0204"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-0204"
+```
+
+# A heap overflow vulnerability was found in bluez in versions prior to 5.63
+
+A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
+

advisories/published/2025/JLSEC-0000-mnstl0h86-zanu33.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0h86-zanu33"
+modified = 2025-11-05T03:27:37.014Z
+upstream = ["CVE-2022-28739"]
+references = ["http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/29", "http://seclists.org/fulldisclosure/2022/Oct/30", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/42", "https://hackerone.com/reports/1248108", "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", "https://security-tracker.debian.org/tracker/CVE-2022-28739", "https://security.gentoo.org/glsa/202401-27", "https://security.netapp.com/advisory/ntap-20220624-0002/", "https://support.apple.com/kb/HT213488", "https://support.apple.com/kb/HT213493", "https://support.apple.com/kb/HT213494", "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", "http://seclists.org/fulldisclosure/2022/Oct/28", "http://seclists.org/fulldisclosure/2022/Oct/29", "http://seclists.org/fulldisclosure/2022/Oct/30", "http://seclists.org/fulldisclosure/2022/Oct/41", "http://seclists.org/fulldisclosure/2022/Oct/42", "https://hackerone.com/reports/1248108", "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html", "https://security-tracker.debian.org/tracker/CVE-2022-28739", "https://security.gentoo.org/glsa/202401-27", "https://security.netapp.com/advisory/ntap-20220624-0002/", "https://support.apple.com/kb/HT213488", "https://support.apple.com/kb/HT213493", "https://support.apple.com/kb/HT213494", "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"]
+
+[[affected]]
+pkg = "ruby_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2022-28739"
+imported = 2025-11-05T03:27:37.014Z
+modified = 2025-11-04T16:15:48.840Z
+published = 2022-05-09T18:15:08.540Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-28739"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-28739"
+```
+
+# There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x b...
+
+There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
+

advisories/published/2025/JLSEC-0000-mnstl0i34-8ikrhm.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0i34-8ikrhm"
+modified = 2025-11-05T03:27:38.128Z
+upstream = ["CVE-2022-39176"]
+references = ["https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://security.netapp.com/advisory/ntap-20221020-0002/", "https://ubuntu.com/security/notices/USN-5481-1", "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html", "https://security.netapp.com/advisory/ntap-20221020-0002/", "https://ubuntu.com/security/notices/USN-5481-1"]
+
+[[affected]]
+pkg = "BlueZ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2022-39176"
+imported = 2025-11-05T03:27:38.128Z
+modified = 2025-11-04T16:15:51.260Z
+published = 2022-09-02T04:15:11.427Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-39176"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-39176"
+```
+
+# BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because prof...
+
+BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
+

advisories/published/2025/JLSEC-0000-mnstl0i6u-5da7um.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0i6u-5da7um"
+modified = 2025-11-05T03:27:38.262Z
+upstream = ["CVE-2022-39177"]
+references = ["https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://security.netapp.com/advisory/ntap-20221020-0002/", "https://ubuntu.com/security/notices/USN-5481-1", "https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968", "https://lists.debian.org/debian-lts-announce/2022/10/msg00026.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00022.html", "https://security.netapp.com/advisory/ntap-20221020-0002/", "https://ubuntu.com/security/notices/USN-5481-1"]
+
+[[affected]]
+pkg = "BlueZ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2022-39177"
+imported = 2025-11-05T03:27:38.262Z
+modified = 2025-11-04T16:15:51.590Z
+published = 2022-09-02T04:15:11.477Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-39177"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-39177"
+```
+
+# BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malform...
+
+BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
+

advisories/published/2025/JLSEC-0000-mnstl0jge-1cp2d9h.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0jge-1cp2d9h"
+modified = 2025-11-05T03:27:39.902Z
+upstream = ["CVE-2021-33621"]
+references = ["https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", "https://security.gentoo.org/glsa/202401-27", "https://security.netapp.com/advisory/ntap-20221228-0004/", "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/", "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS/", "https://security.gentoo.org/glsa/202401-27", "https://security.netapp.com/advisory/ntap-20221228-0004/", "https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/"]
+
+[[affected]]
+pkg = "ruby_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2021-33621"
+imported = 2025-11-05T03:27:39.902Z
+modified = 2025-11-04T16:15:42.820Z
+published = 2022-11-18T23:15:18.987Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-33621"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-33621"
+```
+
+# The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response...
+
+The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
+

advisories/published/2025/JLSEC-0000-mnstl0qvy-1676f0e.md

@@ -0,0 +1,40 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0qvy-1676f0e"
+modified = 2025-11-05T03:27:49.534Z
+upstream = ["CVE-2022-4304"]
+references = ["https://security.gentoo.org/glsa/202402-08", "https://www.openssl.org/news/secadv/20230207.txt", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://security.gentoo.org/glsa/202402-08", "https://www.openssl.org/news/secadv/20230207.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 1.1.20+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = ["< 1.27.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-4304"
+imported = 2025-11-05T03:27:49.534Z
+modified = 2025-11-04T20:16:14.897Z
+published = 2023-02-08T20:15:23.887Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-4304"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-4304"
+```
+
+# A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be suffi...
+
+A timing based side channel exists in the OpenSSL RSA Decryption implementation
+which could be sufficient to recover a plaintext across a network in a
+Bleichenbacher style attack. To achieve a successful decryption an attacker
+would have to be able to send a very large number of trial messages for
+decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
+RSA-OEAP and RSASVE.
+
+For example, in a TLS connection, RSA is commonly used by a client to send an
+encrypted pre-master secret to the server. An attacker that had observed a
+genuine connection between a client and a server could use this flaw to send
+trial messages to the server and record the time taken to process them. After a
+sufficiently large number of messages the attacker could recover the pre-master
+secret used for the original connection and thus be able to decrypt the
+application data sent over that connection.
+

advisories/published/2025/JLSEC-0000-mnstl0qw1-m4i28x.md

@@ -0,0 +1,50 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnstl0qw1-m4i28x"
+modified = 2025-11-05T03:27:49.537Z
+upstream = ["CVE-2022-4450"]
+references = ["https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://security.gentoo.org/glsa/202402-08", "https://www.openssl.org/news/secadv/20230207.txt", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://security.gentoo.org/glsa/202402-08", "https://www.openssl.org/news/secadv/20230207.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 1.1.20+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = [">= 1.19.9+0, < 1.27.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-4450"
+imported = 2025-11-05T03:27:49.537Z
+modified = 2025-11-04T20:16:15.060Z
+published = 2023-02-08T20:15:23.973Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-4450"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-4450"
+```
+
+# The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g
+
+The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
+If the function succeeds then the "name_out", "header" and "data" arguments are
+populated with pointers to buffers containing the relevant decoded data. The
+caller is responsible for freeing those buffers. It is possible to construct a
+PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
+will return a failure code but will populate the header argument with a pointer
+to a buffer that has already been freed. If the caller also frees this buffer
+then a double free will occur. This will most likely lead to a crash. This
+could be exploited by an attacker who has the ability to supply malicious PEM
+files for parsing to achieve a denial of service attack.
+
+The functions PEM_read_bio() and PEM_read() are simple wrappers around
+PEM_read_bio_ex() and therefore these functions are also directly affected.
+
+These functions are also called indirectly by a number of other OpenSSL
+functions including PEM_X509_INFO_read_bio_ex() and
+SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
+uses of these functions are not vulnerable because the caller does not free the
+header argument if PEM_read_bio_ex() returns a failure code. These locations
+include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
+OpenSSL 3.0.
+
+The OpenSSL asn1parse command line application is also impacted by this issue.
+