Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mcmczLWdwY3gtOTY4Zs4AAjE-
SwiftNIO SSL arbitrary code execution vulnerability
A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1.
Permalink: https://github.com/advisories/GHSA-frg3-gpcx-968f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcmczLWdwY3gtOTY4Zs4AAjE-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 11 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-frg3-gpcx-968f, CVE-2019-8849
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-8849
- https://support.apple.com/HT210772
- https://github.com/advisories/GHSA-frg3-gpcx-968f
Affected Packages
swift:github.com/apple/swift-nio-ssl
Dependent packages: 174
Dependent repositories: 917
Downloads:
Affected Version Ranges: < 2.4.1
Fixed in: 2.4.1
All affected versions: 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.4.0
All unaffected versions: 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.8.0, 2.9.0, 2.9.1, 2.9.2, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.0, 2.12.0, 2.13.0, 2.13.1, 2.14.0, 2.14.1, 2.15.0, 2.15.1, 2.16.0, 2.16.1, 2.16.2, 2.16.3, 2.17.0, 2.17.1, 2.17.2, 2.18.0, 2.19.0, 2.20.0, 2.20.1, 2.20.2, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.23.1, 2.24.0, 2.25.0, 2.26.0