{"id":"USN-6422-1","summary":"ring vulnerabilities","details":"\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to execute arbitrary code.\n(CVE-2021-37706)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302, \nCVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723, \nCVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,\nCVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,\nCVE-2022-39244)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)\n\nIt was discovered that Ring incorrectly handled certain inputs. If a user or\nan automated system were tricked into opening a specially crafted input file,\na remote attacker could possibly use this issue to cause a denial of service.\n(CVE-2023-27585)\n","modified":"2026-02-10T04:43:22Z","published":"2023-10-09T15:09:52Z","related":["UBUNTU-CVE-2021-37706","UBUNTU-CVE-2021-43299","UBUNTU-CVE-2021-43300","UBUNTU-CVE-2021-43301","UBUNTU-CVE-2021-43302","UBUNTU-CVE-2021-43303","UBUNTU-CVE-2021-43804","UBUNTU-CVE-2021-43845","UBUNTU-CVE-2022-21722","UBUNTU-CVE-2022-21723","UBUNTU-CVE-2022-23537","UBUNTU-CVE-2022-23547","UBUNTU-CVE-2022-23608","UBUNTU-CVE-2022-24754","UBUNTU-CVE-2022-24763","UBUNTU-CVE-2022-24764","UBUNTU-CVE-2022-24793","UBUNTU-CVE-2022-31031","UBUNTU-CVE-2022-39244","UBUNTU-CVE-2023-27585"],"upstream":["CVE-2021-37706","CVE-2021-43299","CVE-2021-43300","CVE-2021-43301","CVE-2021-43302","CVE-2021-43303","CVE-2021-43804","CVE-2021-43845","CVE-2022-21722","CVE-2022-21723","CVE-2022-23537","CVE-2022-23547","CVE-2022-23608","CVE-2022-24754","CVE-2022-24763","CVE-2022-24764","CVE-2022-24793","CVE-2022-31031","CVE-2022-39244","CVE-2023-27585","UBUNTU-CVE-2021-37706","UBUNTU-CVE-2021-43299","UBUNTU-CVE-2021-43300","UBUNTU-CVE-2021-43301","UBUNTU-CVE-2021-43302","UBUNTU-CVE-2021-43303","UBUNTU-CVE-2021-43804","UBUNTU-CVE-2021-43845","UBUNTU-CVE-2022-21722","UBUNTU-CVE-2022-21723","UBUNTU-CVE-2022-23537","UBUNTU-CVE-2022-23547","UBUNTU-CVE-2022-23608","UBUNTU-CVE-2022-24754","UBUNTU-CVE-2022-24763","UBUNTU-CVE-2022-24764","UBUNTU-CVE-2022-24793","UBUNTU-CVE-2022-31031","UBUNTU-CVE-2022-39244","UBUNTU-CVE-2023-27585"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6422-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-37706"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43299"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43300"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43301"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43302"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43303"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43804"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-43845"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-21722"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-21723"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23537"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23547"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23608"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24754"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24763"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24764"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24793"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-31031"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-39244"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27585"}],"affected":[{"package":{"name":"ring","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/ring@20180228.1.503da2b~ds1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20180228.1.503da2b~ds1-1ubuntu0.1~esm1"}]}],"versions":["20170803.2.5fcfe3f~dfsg1-1","20171024.1.eadbdeb~ds1-1","20171129.2.cf5bbff~ds1-1","20171129.2.cf5bbff~ds1-2","20180119.1.9e06f94~ds1-1","20180119.1.9e06f94~ds1-3","20180222.1.7bffde2~ds2-2","20180228.1.503da2b~ds1-1","20180228.1.503da2b~ds1-1build1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"ring","binary_version":"20180228.1.503da2b~ds1-1ubuntu0.1~esm1"},{"binary_name":"ring-daemon","binary_version":"20180228.1.503da2b~ds1-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6422-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2021-37706","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43299","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43300","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43301","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43302","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43303","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43804","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-21723","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23537","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23547","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23608","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-24754","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24763","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24764","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24793","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-31031","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-39244","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-27585","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"ring","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/ring@20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"}]}],"versions":["20190215.1.f152c98~ds1-1","20190215.1.f152c98~ds1-1build1","20190215.1.f152c98~ds1-1build2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"jami","binary_version":"20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"},{"binary_name":"jami-daemon","binary_version":"20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"},{"binary_name":"ring","binary_version":"20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"},{"binary_name":"ring-daemon","binary_version":"20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6422-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-37706","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43299","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43300","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43301","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43302","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43303","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43804","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-43845","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-21722","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-21723","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23537","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23547","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-23608","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2022-24754","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24763","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24764","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-24793","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-31031","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-39244","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-27585","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}