基础信息
项目名称:WolfireGames/overgrowth
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1719770101904621568/1719770101967536128
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| 低危 | ||||
| Lua 缓冲区溢出漏洞 | 缓冲区溢出 | MPS-2014-4296 | CVE-2014-5461 | 中危 |
| libpng 安全漏洞 | 空指针取消引用 | MPS-2017-1020 | CVE-2016-10087 | 高危 |
| Digia Qt 安全漏洞 | 缓冲区溢出 | MPS-2017-11146 | CVE-2017-15011 | 高危 |
| OpenCV 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2017-14553 | CVE-2017-17760 | 中危 |
| OpenCV 安全漏洞 | 双重释放 | MPS-2017-3892 | CVE-2016-1516 | 高危 |
| OpenCV 输入验证漏洞 | 输入验证不恰当 | MPS-2017-3893 | CVE-2016-1517 | 中危 |
| Silicon Graphics LibTIFF 安全漏洞 | 越界读取 | MPS-2017-5747 | CVE-2017-9147 | 中危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8482 | CVE-2017-12597 | 高危 |
| OpenCV 安全漏洞 | 越界读取 | MPS-2017-8483 | CVE-2017-12598 | 高危 |
| OpenCV 安全漏洞 | 越界读取 | MPS-2017-8484 | CVE-2017-12599 | 高危 |
| OpenCV 安全漏洞 | 拒绝服务 | MPS-2017-8485 | CVE-2017-12600 | 高危 |
| OpenCV 缓冲区错误漏洞 | 经典缓冲区溢出 | MPS-2017-8486 | CVE-2017-12601 | 高危 |
| OpenCV 安全漏洞 | 拒绝服务 | MPS-2017-8487 | CVE-2017-12602 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2017-8488 | CVE-2017-12603 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8489 | CVE-2017-12604 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8490 | CVE-2017-12605 | 高危 |
| OpenCV 安全漏洞 | 越界写入 | MPS-2017-8491 | CVE-2017-12606 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2018-0005 | CVE-2017-18009 | 高危 |
| Opencv 数字错误漏洞 | 整数溢出或环绕 | MPS-2018-0025 | CVE-2017-1000450 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2018-0212 | CVE-2018-5268 | 中危 |
| OpenCV 安全漏洞 | 可达断言 | MPS-2018-0213 | CVE-2018-5269 | 中危 |
| Digia Qt 资源管理错误漏洞 | 双重释放 | MPS-2018-16320 | CVE-2018-15518 | 高危 |
| Digia Qt 代码问题漏洞 | 空指针取消引用 | MPS-2018-16329 | CVE-2018-19870 | 高危 |
| Digia Qt 资源管理错误漏洞 | 拒绝服务 | MPS-2018-16330 | CVE-2018-19871 | 中危 |
| Digia Qt 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2018-16331 | CVE-2018-19873 | 严重 |
| Digia Qt 输入验证错误漏洞 | 输入验证不恰当 | MPS-2018-16491 | CVE-2018-19869 | 中危 |
| OpenCV 安全漏洞 | 可达断言 | MPS-2018-2747 | CVE-2018-7712 | 高危 |
| OpenCV 安全漏洞 | 可达断言 | MPS-2018-2748 | CVE-2018-7713 | 高危 |
| libpng 数字错误漏洞 | 除零错误 | MPS-2018-9315 | CVE-2018-13785 | 中危 |
| libpng 安全漏洞 | 输入验证不恰当 | MPS-2018-9648 | CVE-2018-14048 | 中危 |
| Lua 资源管理错误漏洞 | UAF | MPS-2019-0958 | CVE-2019-6706 | 高危 |
| OpenCV 数字错误漏洞 | 除零错误 | MPS-2019-11014 | CVE-2019-15939 | 中危 |
| libpng 资源管理错误漏洞 | UAF | MPS-2019-1241 | CVE-2019-7317 | 中危 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2019-15873 | CVE-2019-19624 | 中危 |
| node-opencv 操作系统命令注入漏洞 | OS命令注入 | MPS-2019-2986 | CVE-2019-10061 | 严重 |
| libpng 缓冲区错误漏洞 | 越界写入 | MPS-2019-7748 | CVE-2018-14550 | 高危 |
| libpng 输入验证错误漏洞 | 输入验证不恰当 | MPS-2019-7770 | CVE-2017-12652 | 严重 |
| OpenCV 缓冲区错误漏洞 | 越界读取 | MPS-2019-9066 | CVE-2019-14491 | 高危 |
| OpenCV 缓冲区错误漏洞 | 越界写入 | MPS-2019-9067 | CVE-2019-14492 | 高危 |
| OpenCV 代码问题漏洞 | 空指针取消引用 | MPS-2019-9068 | CVE-2019-14493 | 高危 |
| Lua 资源管理错误漏洞 | 越界写入 | MPS-2020-10733 | CVE-2020-15888 | 高危 |
| Lua 缓冲区错误漏洞 | 越界读取 | MPS-2020-10734 | CVE-2020-15889 | 严重 |
| Lua 安全漏洞 | MPS-2020-10861 | CVE-2020-15945 | 中危 | |
| Qt 缓冲区错误漏洞 | 越界读取 | MPS-2020-11445 | CVE-2020-17507 | 中危 |
| Lua 缓冲区错误漏洞 | 缓冲区溢出 | MPS-2020-11559 | CVE-2020-24342 | 高危 |
| Lua 代码问题漏洞 | 空指针取消引用 | MPS-2020-11623 | CVE-2020-24369 | 高危 |
| Lua 数字错误漏洞 | 超界折返 | MPS-2020-11624 | CVE-2020-24370 | 中危 |
| Lua 安全漏洞 | 对无效指针或索引的释放 | MPS-2020-11625 | CVE-2020-24371 | 中危 |
| Digia Qt 缓冲区错误漏洞 | XML实体扩展 | MPS-2020-1223 | CVE-2015-9541 | 高危 |
| qt Library 代码问题漏洞 | 不可信的搜索路径 | MPS-2020-12933 | CVE-2020-0570 | 高危 |
| Digia Qt 资源管理错误漏洞 | 不加限制或调节的资源分配 | MPS-2020-3029 | CVE-2018-21035 | 高危 |
| Digia Qt 资源管理错误漏洞 | UAF | MPS-2020-6641 | CVE-2020-12267 | 严重 |
| Digia Qt和Mumble 安全漏洞 | 未经检查的错误条件 | MPS-2020-8355 | CVE-2020-13962 | 高危 |
| Qt QLibrary 缓冲区错误漏洞 | 越界写入 | MPS-2021-16565 | CVE-2021-38593 | 高危 |
| Qt QLibrary 安全漏洞 | 路径遍历 | MPS-2021-16961 | CVE-2020-24742 | 高危 |
| Lua 缓冲区错误漏洞 | 未经控制的递归 | MPS-2021-35333 | CVE-2021-43519 | 中危 |
| Lua 安全漏洞 | UAF | MPS-2021-38463 | CVE-2021-44964 | 中危 |
| Lua 安全漏洞 | 越界写入 | MPS-2022-0033 | CVE-2021-45985 | 高危 |
| Lua 安全漏洞 | 越界写入 | MPS-2022-18230 | CVE-2022-33099 | 高危 |
| OpenSSL 存在任意命令执行漏洞 | OS命令注入 | MPS-2022-18279 | CVE-2022-2068 | 严重 |
| OpenSSL 存在加密信息不全漏洞 | 加密强度不足 | MPS-2022-19044 | CVE-2022-2097 | 高危 |
| Qt 安全漏洞 | 路径遍历 | MPS-2022-4762 | CVE-2022-25634 | 高危 |
| OpenSSL 拒绝服务漏洞 | 不可达退出条件的循环(无限循环) | MPS-2022-5555 | CVE-2022-0778 | 高危 |
| Python 安全漏洞 | ReDoS | MPS-2022-57238 | CVE-2022-40897 | 中危 |
| libpng 代码问题漏洞 | 空指针取消引用 | MPS-2022-63559 | CVE-2022-3857 | 中危 |
| OpenSSL 安全漏洞 | 通过差异性导致的信息暴露 | MPS-2022-66954 | CVE-2022-4304 | 中危 |
| OpenSSL 资源管理错误漏洞 | 双重释放 | MPS-2022-67892 | CVE-2022-4450 | 高危 |
| Lua 缓冲区错误漏洞 | 越界读取 | MPS-2022-7875 | CVE-2022-28805 | 严重 |
| OpenSSL 操作系统命令注入漏洞 | OS命令注入 | MPS-2022-8314 | CVE-2022-1292 | 严重 |
| OpenSSL 资源管理错误漏洞 | UAF | MPS-2023-1276 | CVE-2023-0215 | 高危 |
| OpenSSL拒绝服务漏洞(X.509 GeneralName类型混淆) | 不正确的类型转换 | MPS-2023-1620 | CVE-2023-0286 | 高危 |
| OpenSSL 验证 X.509 策略约束存在拒绝服务漏洞 | 拒绝服务 | MPS-2023-2810 | CVE-2023-0464 | 中危 |
| OpenSSL 信任管理问题漏洞 | 证书验证不恰当 | MPS-2023-2811 | CVE-2023-0465 | 中危 |
| OpenSSL 存在证书验证不当 | 证书验证不恰当 | MPS-2023-2812 | CVE-2023-0466 | 中危 |
| OpenSSL ASN.1对象标识符转换拒绝服务漏洞 | 拒绝服务 | MPS-9dro-82lx | CVE-2023-2650 | 中危 |
| Qt 安全漏洞 | 不可达退出条件的循环(无限循环) | MPS-e6af-vlzn | CVE-2023-38197 | 高危 |
| OpenSSL 安全漏洞 | 过度迭代 | MPS-n3pe-ljgc | CVE-2023-3817 | 中危 |
| OpenCV 代码问题漏洞 | 空指针取消引用 | MPS-r2m7-x6z0 | CVE-2023-2617 | 高危 |
| OpenCV 安全漏洞 | 内存泄漏 | MPS-t7yp-ev9j | CVE-2023-2618 | 高危 |
| Qt 安全漏洞 | MPS-v6zh-ckos | CVE-2023-32762 | 中危 | |
| OpenSSL在Windows中POLY1305 MAC破坏XMM寄存器导致拒绝服务 | 硬件寄存器清零不当 | MPS-yczn-dfs2 | CVE-2023-4807 | 中危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| lua | 5.1.4 | 间接依赖 | 建议修复 | |
| qt | 5.8.0 | 6.2.10 | 间接依赖 | 建议修复 |
| libpng | 1.6.20 | 间接依赖 | 建议修复 | |
| opencv | 4.5.3 | 间接依赖 | 建议修复 | |
| openssl | 1.1.1m | 1.1.1w | 间接依赖 | 建议修复 |
| lua | 5.3.4 | 间接依赖 | 建议修复 | |
| setuptools | 39.2.0 | 65.5.1 | 间接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Zlib | 5 | 低 |
| LGPL-2.1 | 1 | 中 |
| 自定义许可证 | 4 | 低 |
| MIT | 6 | 低 |
| Apache-2.0 | 2 | 低 |
| OpenSSL | 2 | 低 |
| ISC | 2 | 低 |
| LGPL-3.0 | 1 | 中 |
| BSD-3-Clause | 1 | 低 |
| ZLIB | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| robot_bases | 间接依赖 | pip | |
| recastnavigation | cci.20200511 | 间接依赖 | |
| WINMM.DLL | 间接依赖 | ||
| Qt5Gui.dll | 间接依赖 | ||
| libz.so.1 | 间接依赖 | ||
| /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox | 间接依赖 | ||
| /usr/lib/libresolv.9.dylib | 间接依赖 | ||
| librt.so.1 | 间接依赖 | ||
| geos | 间接依赖 | ||
| Qt5Widgets.dll | 间接依赖 | ||
| api-ms-win-core-winrt-string-l1-1-0.dll | 间接依赖 | ||
| libvorbis.dll | 间接依赖 | ||
| mathutils | 间接依赖 | pip | |
| Euler | 间接依赖 | pip | |
| /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices | 间接依赖 | ||
| ld-linux-x86-64.so.2 | 间接依赖 | ||
| opencv | 间接依赖 | ||
| opencv | 4.5.3 | 间接依赖 | |
| api-ms-win-crt-utility-l1-1-0.dll | 间接依赖 | ||
| openssl | 1.1.1m | 间接依赖 | |
| api-ms-win-crt-time-l1-1-0.dll | 间接依赖 | ||
| VERSION.dll | 间接依赖 | ||
| libwinpthread-1.dll | 间接依赖 | ||
| ld-linux.so.2 | 间接依赖 | ||
| openssl | 间接依赖 | ||
| SETUPAPI.dll | 间接依赖 | ||
| /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL | 间接依赖 | ||
| api-ms-win-crt-stdio-l1-1-0.dll | 间接依赖 | ||
| registry | 间接依赖 | pip | |
| libm.so.2 | 间接依赖 | ||
| blahjiggity | 间接依赖 | ||
| libgcc_s_sjlj-1.dll | 间接依赖 | ||
| /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices | 间接依赖 | ||
| @rpath/SDL2.framework/Versions/A/SDL2 | 间接依赖 | ||
| MSVCP110.dll | 间接依赖 | ||
| ole32.dll | 间接依赖 | ||
| /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore | 间接依赖 | ||
| libc.so.1 | 间接依赖 | ||
| angelscript | 2.35.0 | 间接依赖 | |
| lua | 5.3.4 | 间接依赖 | |
| qrot | 间接依赖 | pip | |
| IPHLPAPI.DLL | 间接依赖 | ||
| imagehlp.dll | 间接依赖 | ||
| bullet3 | 间接依赖 | ||
| /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation | 间接依赖 | ||
| /usr/lib/libgcc_s.1.dylib | 间接依赖 | ||
| api-ms-win-core-winrt-error-l1-1-0.dll | 间接依赖 | ||
| Qt5Core.dll | 间接依赖 | ||
| MSVCR80.dll | 间接依赖 | ||
| sdl_net | 2.0.1 | 间接依赖 | |
| api-ms-win-crt-string-l1-1-0.dll | 间接依赖 | ||
| /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate | 间接依赖 | ||
| mpi4py | 间接依赖 | pip | |
| gdal | 间接依赖 | ||
| Vector | 间接依赖 | pip | |
| /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration | 间接依赖 | ||
| libCstd.so.1 | 间接依赖 | ||
| api-ms-win-crt-heap-l1-1-0.dll | 间接依赖 | ||
| libcrypto.so.1.0.0 | 间接依赖 | ||
| /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit | 间接依赖 | ||
| crunch | 间接依赖 | ||
| /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon | 间接依赖 | ||
| make | 间接依赖 | pip | |
| /usr/lib/libstdc++.6.dylib | 间接依赖 | ||
| /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit | 间接依赖 | ||
| dwmapi.dll | 间接依赖 | ||
| pybullet_envs | 间接依赖 | pip | |
| WININET.dll | 间接依赖 | ||
| robot_pendula | 间接依赖 | pip | |
| libogg.dll | 间接依赖 | ||
| libopenal.so.1 | 间接依赖 | ||
| qt | 5.8.0 | 间接依赖 | |
| WINMM.dll | 间接依赖 | ||
| libdl.so.2 | 间接依赖 | ||
| dxgi.dll | 间接依赖 | ||
| normalize_screen_coordinates | 间接依赖 | pip | |
| libpthread.so.0 | 间接依赖 | ||
| update_timestep | 间接依赖 | pip | |
| WS2_32.dll | 间接依赖 | ||
| vorbis | 间接依赖 | ||
| /usr/lib/libz.1.dylib | 间接依赖 | ||
| api-ms-win-crt-environment-l1-1-0.dll | 间接依赖 | ||
| libgcc_s.so.1 | 间接依赖 | ||
| KERNEL32.dll | 间接依赖 | ||
| /usr/lib/libcups.2.dylib | 间接依赖 | ||
| /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo | 间接依赖 | ||
| libprotoc.dll | 间接依赖 | ||
| qinverse | 间接依赖 | pip | |
| api-ms-win-crt-filesystem-l1-1-0.dll | 间接依赖 | ||
| api-ms-win-crt-convert-l1-1-0.dll | 间接依赖 | ||
| MSVCP140.dll | 间接依赖 | ||
| /usr/lib/libobjc.A.dylib | 间接依赖 | ||
| USER32.dll | 间接依赖 | ||
| libpng | 1.6.20 | 间接依赖 | |
| /System/Library/Frameworks/Security.framework/Versions/A/Security | 间接依赖 | ||
| zlib | 间接依赖 | ||
| SDL2.dll | 间接依赖 | ||
| IMM32.dll | 间接依赖 | ||
| libc.so.6 | 间接依赖 | ||
| /usr/lib/libSystem.B.dylib | 间接依赖 | ||
| OpenAL32.dll | 间接依赖 | ||
| robot_locomotors | 间接依赖 | pip | |
| OpenDDS | 间接依赖 | ||
| VCRUNTIME140_1.dll | 间接依赖 | ||
| SHELL32.dll | 间接依赖 | ||
| network_security_services | 3.13.1 | 间接依赖 | |
| libstdc++.so.6 | 间接依赖 | ||
| image_coordinates | 间接依赖 | pip | |
| update_world | 间接依赖 | pip | |
| dot | 间接依赖 | pip | |
| breakpad | cci.20210521 | 间接依赖 | |
| api-ms-win-crt-runtime-l1-1-0.dll | 间接依赖 | ||
| @executable_path/Awesomium | 间接依赖 | ||
| openssl | 间接依赖 | ||
| tcpdump | 间接依赖 | ||
| OPENGL32.DLL | 间接依赖 | ||
| /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit | 间接依赖 | ||
| libelf.so.1 | 间接依赖 | ||
| Matrix | 间接依赖 | pip | |
| robot_manipulators | 间接依赖 | pip | |
| Process | 间接依赖 | pip | |
| libdemangle.so.1 | 间接依赖 | ||
| /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio | 间接依赖 | ||
| lua | 5.1.4 | 间接依赖 | |
| gym | 间接依赖 | pip | |
| inverse_kinematics | 间接依赖 | pip | |
| VCRUNTIME140.dll | 间接依赖 | ||
| OLEAUT32.dll | 间接依赖 | ||
| api-ms-win-crt-math-l1-1-0.dll | 间接依赖 | ||
| MSVCR110.dll | 间接依赖 | ||
| MPR.DLL | 间接依赖 | ||
| libm.so.6 | 间接依赖 | ||
| libprotobuf.dll | 间接依赖 | ||
| /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation | 间接依赖 | ||
| UxTheme.dll | 间接依赖 | ||
| ld-linux-aarch64.so.1 | 间接依赖 | ||
| IMM32.DLL | 间接依赖 | ||
| minitaur | 间接依赖 | pip | |
| /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit | 间接依赖 | ||
| libCrun.so.1 | 间接依赖 | ||
| bullet3 | 2.89 | 间接依赖 | |
| allclose | 间接依赖 | pip | |
| WSOCK32.DLL | 间接依赖 | ||
| GDI32.dll | 间接依赖 | ||
| ADVAPI32.dll | 间接依赖 | ||
| crunch | cci.20190615 | 间接依赖 | |
| CRYPT32.dll | 间接依赖 | ||
| api-ms-win-core-winrt-l1-1-0.dll | 间接依赖 | ||
| d3d11.dll | 间接依赖 | ||
| libstdc++-6.dll | 间接依赖 | ||
| api-ms-win-crt-locale-l1-1-0.dll | 间接依赖 | ||
| msvcrt.dll | 间接依赖 | ||
| setuptools | 39.2.0 | 间接依赖 | pip |
| pybullet_utils | 间接依赖 | pip | |
| Pipe | 间接依赖 | pip |