Release Notes for Solace PubSub+ Event Broker, Version 10.0.1.41
June 2022

Final Software Release for CHS-3560AC-01-A and CHS-3530AC-01-A

Solace PubSub+ Event Broker 10.0.1 will be the final software release supporting the following variants of the PubSub+ Appliance:
* CHS-3560AC-01-A
* CHS-3530AC-01-A

Feature Disabled: Cut-Through Persistence (CTP)

Solace Cut-Through Persistence (CTP), also known as Cut-Through Messaging, has been deprecated with plans to remove this functionality from all Solace Products starting May 31, 2022. Note that Solace Cloud does not support CTP.
CTP has been deprecated in the following releases:
* PubSub+ Event Broker 10.0.0
CTP has been removed in the following releases:
* PubSub+ Messaging API for JavaRTO 10.0.0
Please verify that your organization does not use CTP by typing "show message-spools stats" in the command line interface of your PubSub+ event broker and checking that "messages delivered cut-through = 0". If your organization is using CTP, please contact Solace at support@solace.com.

Release 10.0.1 Lifecycle

Solace PubSub+ Event Broker, Version 10.0.1 is a Production Release with Long Term Support. Full support for this release will be provided until June 15, 2025. The support duration for releases can be found at https://solace.com/support.

New Features Introduced in Release 10.0

This section lists the new features in the Solace PubSub+ Event Broker, Release 10.0.
| Name | Description | Introduced in Version |
| --- | --- | --- |
| TLS for Syslog Connections | Broker logging facilities can now connect to a remote syslog receiver using TLS. The use of TLS ensures integrity and confidentiality of the logs during transport. | 10.0.1.41 |
| HA-Aware (High Availability) Cache Manager | In previous releases, the Cache Manager had to be manually activated on a broker following an HA fail-over. This limitation has been removed; Cache Manager activity status now follows broker HA activity status. With this enhancement, there is no need for a broker administrator to manually activate the Cache Manager following an HA fail-over. This eliminates the risk of a PubSub+ Cache outage caused by cache instances being restarted after an HA fail-over before the administrator has enabled the Cache Manager. | 10.0.1.41 |
| Allow Configuration of JSON Output for System and Event syslog Logs | The syslog entries for the "system" and "event" logs can now be configured to be in JSON format. This allows for efficient parsing and processing of log entries, especially when forwarded to a remote syslog receiver. | 10.0.1.41 |
| Manager - Remove Cross Origin Requests Requirement From Wizards | This feature allows all Manager wizards to function even when CORS access is restricted on the broker. | 10.0.1.41 |
| Support DMR plus Replication/DR With A Mixture Of Replication-Enabled And Replication-Disabled Message-VPNs | When using multiple message-VPNs on a PubSub+ event broker, an administrator may only want to enable replication on a subset of those message-VPNs. In previous releases, if the brokers were connected in an event mesh using Dynamic Message Routing (DMR), this was not possible: replication needed to be enabled on either all or none of the message-VPNs. With this feature, you can now enable replication on a subset of the message-VPNs while still using DMR to create the event mesh. | 10.0.1.41 |
| Client Certificate Matching for DMR Links | Certificate matching rules can now be configured for DMR clusters using client certificate authentication. A client certificate presented by a link initiator must satisfy all the conditions and attribute filters of one of the rules in order to be used as a credential. The conditions of a rule can relate information obtained from the certificate to attributes of the DMR link, and the attribute filters can limit the rule to only apply to a subset of links with certain attributes. This can be used to restrict the types of certificates that can be used by a DMR link partner and authenticate it based on certificate contents. | 10.0.1.41 |
| Replay Service - Configurable Topics | Enables a broker administrator to configure topics (including Prefixes/Wildcards) that are eligible for storage in the Replay Log. With this feature, the replay log contents can be limited to just the set of messages that are important enough to retain for replay, reducing the frequency of replay log pruning, and enabling replay on brokers with limited resources. | 10.0.0.39 |
| Replay Messages to a Temporary Endpoint | This feature allows messages to be replayed to a named temporary endpoint. With this feature, an application can use a Solace messaging API to create a named temporary queue, add topic subscriptions to that queue, and then initiate a replay to the temporary queue. This is useful for applications that wish to consume messages from the replay log using a temporary endpoint which will automatically be removed from the broker when the application disconnects. | 10.0.0.39 |
| Copy One Message to an Endpoint | This feature introduces a new management command to copy a single message from one endpoint (either a queue or a topic endpoint) to another endpoint, or from the replay log to an endpoint. Broker administrators can use the command to initiate re-delivery of a specific message to an application. For example, if the broker moves a message to a dead message queue (DMQ) because an application is unable to consume the message (e.g. max-redeliveries exceeded, or TTL time-out), the administrator can use this command to copy that message from the DMQ back to the original queue once the application issues have been resolved. | 10.0.0.39 |
| RDP Wizard for Google Run | This feature provides a dedicated Google Cloud Run PubSub+ Wizard to configure an RDP to Google Run. | 10.0.0.39 |
| Client Certificate to Message-VPN Matching | Certificate matching rules can now be configured per message-VPN. A client certificate must satisfy all the conditions and attribute filters of at least one rule in order to be used as a credential in that message-VPN. The conditions of a rule can relate information obtained in the certificate to attributes of the client user, and attribute filters can limit the rule to only apply to a subset of client users with certain attributes. This can be used to restrict the types of certificates that can be used by a client to log into a message-VPN. | 10.0.0.39 |
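
The rule semantics described in the two client certificate matching entries above (message-VPN clients and DMR links), modelled as an added example; it is not Solace code and does not use the broker's configuration syntax. The certificate field and attribute names (common-name, org-unit, client-username, env, role, team) are hypothetical, and rejecting a rule that has no conditions is an assumption of this model, since the release notes do not say how such a rule is treated.

```python
from dataclasses import dataclass
from typing import List, Mapping, Optional, Sequence, Tuple

Pair = Tuple[str, str]


@dataclass(frozen=True)
class Rule:
    name: str
    # Each condition pairs a certificate field with the client-user (or link)
    # attribute whose value it must equal, e.g. ("common-name", "client-username").
    conditions: Tuple[Pair, ...] = ()
    # Each filter is (attribute name, required value); the rule only applies
    # to users or links whose attributes pass every filter.
    attribute_filters: Tuple[Pair, ...] = ()


def rule_satisfied(rule: Rule, cert: Mapping[str, str], attrs: Mapping[str, str]) -> bool:
    """True only if every attribute filter and every condition of the rule holds."""
    for attr_name, required in rule.attribute_filters:
        if attrs.get(attr_name) != required:
            return False  # rule is not meant for this user or link
    if not rule.conditions:
        # Assumption of this model: a rule that checks nothing in the
        # certificate is treated as unsatisfied (fail closed).
        return False
    for cert_field, attr_name in rule.conditions:
        cert_value = cert.get(cert_field)
        attr_value = attrs.get(attr_name)
        # A missing value on either side can never count as a match.
        if cert_value is None or attr_value is None or cert_value != attr_value:
            return False
    return True


def matching_rule(rules: Sequence[Rule], cert: Mapping[str, str],
                  attrs: Mapping[str, str]) -> Optional[str]:
    """Name of the first rule the certificate satisfies, or None (credential rejected)."""
    for rule in rules:
        if rule_satisfied(rule, cert, attrs):
            return rule.name
    return None


def lint_rules(rules: Sequence[Rule]) -> List[str]:
    """Flag rules that are broader than an administrator probably intended."""
    findings = []
    for rule in rules:
        if not rule.conditions:
            findings.append(f"{rule.name}: no conditions, certificate contents are never checked")
        if not rule.attribute_filters:
            findings.append(f"{rule.name}: no attribute filters, rule applies to every user or link")
    return findings


# Constructed sample data, not taken from any real deployment.
RULES = (
    Rule("prod-cn-is-username",
         conditions=(("common-name", "client-username"),),
         attribute_filters=(("env", "prod"),)),
    Rule("batch-cn-and-ou",
         conditions=(("common-name", "client-username"), ("org-unit", "team")),
         attribute_filters=(("role", "batch"),)),
)
CERT = {"common-name": "orders-svc", "org-unit": "payments"}

if __name__ == "__main__":
    users = [
        {"client-username": "orders-svc", "env": "prod"},
        {"client-username": "orders-svc", "role": "batch", "team": "payments"},
        {"client-username": "orders-svc", "role": "batch", "team": "billing"},
        {"client-username": "orders-svc", "env": "dev"},
    ]
    for user in users:
        print(user, "->", matching_rule(RULES, CERT, user))
    print(lint_rules([Rule("any-cert")]))
```
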

Issues Resolved in Release 10.0

This section lists the resolved issues in the Solace PubSub+ Event Broker, Release 10.0.
| Reference Number | Description | Resolved in Version |
| --- | --- | --- |
| SOL-54267 | ACL rules for REST and AMQP applications might not be respected when applications publish messages immediately after connecting to the Solace broker. This is caused by a timing issue whereby the application has managed to send the message before the Solace broker has completed applying the ACL profile. | 10.0.1.41 |
| SOL-59514 | VPNs with DMR enabled can remain down for a longer than expected period of time after a broker reboots. | 10.0.1.41 |
| SOL-59939 | Exceeding the maximum number of system wide shared subscriptions will trigger the CLIENT_CLIENT_MAX_SUBSCRIPTIONS_EXCEEDED event. | 10.0.1.41 |
| SOL-60734 | Due to a miscalculation, the Average value for Compute Latency displayed in "show system health" may appear higher than the Maximum value. | 10.0.1.41 |
| SOL-63024 | PubSub+ doesn't start on Linux kernels greater than 5.14. | 10.0.1.41 |
| SOL-64046 | In rare cases a network interface may be falsely marked as down following restart of the PubSub+ container. This impacts only the software broker. | 10.0.1.41 |
| SOL-64319 | The Content Security Policy for SEMPv2 and the Solace PubSub+ Manager is too permissive. | 10.0.1.41 |
| SOL-64980 | The router-name in the auto-generated REST reply-to topic for a REST publisher uses the local Virtual Router instead of the Virtual Router the REST publisher connects to. The HA DMR deployment supports only the Active-Standby Role for which only the Primary Virtual Router subscriptions are considered. This prevents REST reply-to topics working across DMR links when the REST publisher connects to the Backup Virtual Router. Current behavior: publishing to the primary router of an HA group will generate `#P2P/v:<solace-primary-router-name>/<rest-client-name>/<topic>`; publishing to the backup router of an HA group will generate `#P2P/v:<solace-backup-router-name>/<rest-client-name>/<topic>`. In a future release the behavior will become: publishing to both the primary and backup router of an HA group will generate `#P2P/v:<solace-primary-router-name>/<rest-client-name>/<topic>`. | 10.0.1.41 |
| SOL-65549 | After switching the management interfaces to promiscuous mode and back, the management interfaces will stop responding to ARP requests. A reboot is required to recover. This issue only affects CHS-3560AC-05-A and CHS-3530AC-03-A. Workaround: Be careful when switching the management interfaces to promiscuous mode via commands such as tcpdump. Either reboot the appliance after the tcpdump is done, or run tcpdump without promiscuous mode. | 10.0.1.41 |
| SOL-65631 | The interface stats "Rx Bad Frames", "Rx CRC Error Frames", and "Tx Dropped Frames" are missing for NAB-0210EM-04-A, and NAB-0610EM-01-A ports 5 and 6. | 10.0.1.41 |
| SOL-66869 | If an outgoing TLS connection from the broker (where outgoing connections include bridge, REST consumer, DMR links and MNR connections) is configured to use server name validation and the server certificate returned includes a long list of Subject Alternate Names (SANs), a small amount of memory is leaked if the server name validation fails. | 10.0.1.41 |
| SOL-68659 | SNMP may become administratively disabled after a broker reboot. When upgrading from affected versions, SNMP will become administratively disabled. Note that after completing an upgrade from an affected version, the operator must manually re-enable SNMP on the broker. This includes upgrades from an affected version to a version with a fix for this issue. This issue affects the following versions: 9.12.0.15, 9.12.1.17, 9.12.1.26, 9.13.0.16, 9.13.1.36, 9.13.1.38, 9.13.1.46, 10.0.0.39 | 10.0.1.41 |
| SOL-70105 | Broker events ROUTING_CSPF_CONN_UP and ROUTING_CSPF_CONN_DOWN contain an extra ':' following the IP address. For example 192.168.1.10::12345 or 192.168.1.10:. | 10.0.1.41 |
| SOL-70392 | On appliances that use the TRB for topic routing, an incoming message that matches 16 or more destinations may not, under very heavy load and only in exceptionally rare circumstances, be delivered to all matching destinations and with no indication of a discard. This issue does not impact software brokers or appliances that use the NAB for topic routing (where appliances that use the NAB for topic routing are those with either a NAB-0410EM-01 or NAB-0810EM-01 and are running SolOS 9.5.0.30 or later). | 10.0.1.41 |
| SOL-70515 | Rapidly applying a very large set of configuration changes, such as adding many topics to a queue, may lead to config-sync falling out of sync at the VPN level. | 10.0.1.41 |
| SOL-70994 | Within the event log for CLIENT_CLIENT_BIND_SUCCESS, the 'topic' and 'selector' values in the key/value pairs are not recorded correctly. For example, 'Topic(t/1)' instead of 't/1'. | 10.0.1.41 |
| SOL-72541 | The broker may unexpectedly reach its limit of maximum shared subscriptions after which clients will not be able to add new shared subscriptions until the broker is rebooted. | 10.0.1.41 |
| SOL-56110 | With a very slow disk, the message spool operational status may remain AD-NotReady following a broker reboot. | 10.0.0.39 |
| SOL-61118 | The broker may leak memory when the config-sync client is unable to bind to a queue due to the system exceeding the maximum egress flow limit. | 10.0.0.39 |

Changed Functionality in Release 10.0

This section lists the changed functionality in the Solace PubSub+ Event Broker, Release 10.0.
| Reference Number | Description | Introduced in Version |
| --- | --- | --- |
| SOL-47216 | The command 'show message-spool rates' (and its SEMPv1 and SEMPv2 equivalents) now supports paging. When the response to this command is large, it may automatically be paged by the broker. | 10.0.1.41 |
| SOL-48376 | To facilitate the usage of automatically generated client-usernames, max-endpoints-per-client-username is no longer enforced when endpoints are created or have their owners modified via CLI/SEMP. Note: In mixed-version DR setups, if a user configures more queues than the max-endpoints-per-client-username limit on a client-username on the newer broker, the older broker will fail to execute the config-sync'ed command and the brokers will fall out-of-sync. The solution is to either upgrade the remaining brokers to the new version, or to ensure that max-endpoints-per-client-username is never exceeded. | 10.0.1.41 |
| SOL-60664 | MQTT QOS 1 topic subscriptions can no longer be modified on the Broker CLI when the message-spool is administratively shut down. | 10.0.1.41 |
| SOL-64621 | Queues created by PubSub+ Manager Bridge Wizard will have Non-Owner Permission set to no-access instead of consume. | 10.0.1.41 |
| SOL-65593 | Solace recommends using 'cursorQuery' instead of 'nextPageURI' as the cursor for the next page of objects in SEMPv2. In a future release, nextPageURI will be deprecated and removed. For more information, refer to https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/monitor/index.html. | 10.0.1.41 |
| SOL-69492 | As a security enhancement, PubSub+ Manager wizards which access PubSub+ Cloud services are now required to use HTTPS. | 10.0.1.41 |
| SOL-71235 | The maximum number of client-username attributes has been reduced on the PubSub+ Software Event Broker. The limits and alerts spreadsheet now documents these attributes. The following limits now apply: 200K connection tier - 32,000 (was 1,600,000); 100K connection tier - 32,000 (was 800,000); 10K connection tier - 16,000 (was 80,000); 1K connection tier - 4,000 (was 8,000); 100 connection tier - 100 (was 800). | 10.0.1.41 |
| SOL-69305 | The ability to configure Cut-Through Persistence has been removed. | 10.0.0.39 |

Vulnerabilities Addressed in Release 10.0

The following vulnerabilities have been resolved in the Solace PubSub+ Event Broker, Release 10.0.
Resolved in VersionSeverity (CVSS v3 Score)CVE NumberSolace Reference NumberAffected ProductsAffected ReleasesDescription
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-22822SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AlladdBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-22823SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Allbuild_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-22824SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AlldefineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-23852SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AllExpat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-25235SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Allxmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-25236SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Allxmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-25315SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AllIn Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-23218SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherThe deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-23219SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherThe deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-0318SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherHeap-based Buffer Overflow in vim/vim prior to 8.2.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-22817SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllPIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-1154SOL-71051 SOL-72193 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker AWS AMI Software Broker. Releases 9.13.0 and higherUse after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2022-1292SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
10.0.1.41CVSS v3: 9.8 (CRITICAL)CVE-2020-27619SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllIn Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
10.0.1.41CVSS v3: 8.8 (HIGH)CVE-2022-27223SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. AllIn drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
10.0.1.41CVSS v3: 8.8 (HIGH)CVE-2021-45960SOL-67945 SOL-68632 SOL-70148 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker AWS AMI Software Broker. AllIn Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
10.0.1.41CVSS v3: 8.8 (HIGH)CVE-2022-22825SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Alllookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 8.8 (HIGH)CVE-2022-22826SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AllnextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 8.8 (HIGH)CVE-2022-22827SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AllstoreAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10.0.1.41CVSS v3: 8.3 (HIGH)CVE-2021-42574SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. All** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.
10.0.1.41CVSS v3: 8.1 (HIGH)CVE-2022-22576SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllAn improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
10.0.1.41CVSS v3: 8.1 (HIGH)CVE-2022-24903SOL-71752 SOL-72507 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherRsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-24958SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. Alldrivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-26490SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. Allst21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-27666SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. AllA heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2021-46143SOL-67945 SOL-68632 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. AllIn doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0261SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0359SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0361SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0392SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherHeap-based Buffer Overflow in GitHub repository vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0413SOL-68632 SOL-72193 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker AWS AMI Software Broker. Releases 9.13.0 and higherUse After Free in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0554SOL-68968 SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. AllUse of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0572SOL-68968 SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. AllHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0629SOL-68968 SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. AllStack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0685SOL-68968 SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. AllUse of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-1011SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllA use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-28389SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. Allmcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-28390SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. Allems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2020-35523SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllAn integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2020-35524SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllA heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-29581SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllImproper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-30594SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllThe Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0408SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllStack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0417SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllHeap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0443SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllUse After Free in GitHub repository vim/vim prior to 8.2.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-1160SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Allheap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-1381SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. Allglobal heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-29162SOL-72507 Allrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
10.0.1.41CVSS v3: 7.8 (HIGH)CVE-2022-0492SOL-72686 Pubsub+ Event Broker Appliance. AllA vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
10.0.1.41CVSS v3: 7.5 (HIGH)CVE-2022-28356SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. AllIn the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2022-0778 | SOL-67937 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | All | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: TLS clients consuming server certificates; TLS servers consuming client certificates; hosting providers taking certificates or private keys from customers; certificate authorities parsing certification requests from subscribers; anything else which parses ASN.1 elliptic curve parameters. Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2022-24785 | SOL-68536 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | All | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2022-23308 | SOL-68632 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2021-33560 | SOL-68968 | Pubsub+ Event Broker AWS AMI Software Broker. | All | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2020-25709 | SOL-68968 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2020-25710 | SOL-68968 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2018-25032 | SOL-69803 SOL-70794 SOL-70794 SOL-70795 SOL-71051 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2022-27775 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2021-3737 | SOL-70795 SOL-72193 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker AWS AMI Software Broker. | Releases 9.13.0 and higher | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2019-20916 | SOL-71051 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
10.0.1.41 | CVSS v3: 7.5 (HIGH) | CVE-2022-0391 | SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
10.0.1.41 | CVSS v3: 7.4 (HIGH) | CVE-2021-3999 | SOL-68632 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
10.0.1.41 | CVSS v3: 7.1 (HIGH) | CVE-2022-1353 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
10.0.1.41 | CVSS v3: 7.1 (HIGH) | CVE-2022-1271 | SOL-70148 SOL-70794 SOL-70794 SOL-71051 SOL-72319 | Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | All | No description is available for this CVE.
10.0.1.41 | CVSS v3: 7.1 (HIGH) | CVE-2022-0393 | SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. | All | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23036 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23037 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23038 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23039 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23040 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23041 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2022-23042 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042)
10.0.1.41 | CVSS v3: 7 (HIGH) | CVE-2021-41617 | SOL-70795 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
10.0.1.41 | CVSS v3: 6.6 (MEDIUM) | CVE-2021-23177 | SOL-68632 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
10.0.1.41 | CVSS v3: 6.6 (MEDIUM) | CVE-2022-1015 | SOL-68968 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-0001 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-0002 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-27776 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-22815 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-22816 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2022-0865 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2021-3634 | SOL-70795 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
10.0.1.41 | CVSS v3: 6.5 (MEDIUM) | CVE-2021-3733 | SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. | All | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
10.0.1.41 | CVSS v3: 6.2 (MEDIUM) | CVE-2022-1729 | SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. | All | A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system.
10.0.1.41 | CVSS v3: 6.1 (MEDIUM) | CVE-2019-10062 | SOL-68536 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | All | The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attribute of various other elements. An attacker might also exploit a bug in how the SCRIPT string is processed by splitting and nesting them for example.
10.0.1.41 | CVSS v3: 5.9 (MEDIUM) | CVE-2022-24769 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
10.0.1.41 | CVSS v3: 5.9 (MEDIUM) | CVE-2021-23336 | SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. | All | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
10.0.1.41 | CVSS v3: 5.7 (MEDIUM) | CVE-2022-27774 | SOL-70148 | Pubsub+ Event Broker AWS AMI Software Broker. | All | An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
10.0.1.41 | CVSS v3: 5.7 (MEDIUM) | CVE-2021-3572 | SOL-71051 | Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. | Releases 9.13.0 and higher | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
10.0.1.41 | CVSS v3: 5.6 (MEDIUM) | CVE-2022-23960 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
10.0.1.41 | CVSS v3: 5.5 (MEDIUM) | CVE-2022-26966 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
10.0.1.41 | CVSS v3: 5.5 (MEDIUM) | CVE-2021-4149 | SOL-65778 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. | All | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
10.0.1.41 | CVSS v3: 5.5 (MEDIUM) | CVE-2022-1016 | SOL-65778 SOL-68968 | Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. Pubsub+ Event Broker AWS AMI Software Broker. | All | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
10.0.1.41 | CVSS v3: 5.5 (MEDIUM) | CVE-2022-0696 | SOL-68968 SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. | All | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
10.0.1.41 | CVSS v3: 5.5 (MEDIUM) | CVE-2022-1516 | SOL-70148 SOL-72193 | Pubsub+ Event Broker AWS AMI Software Broker. Pubsub+ Event Broker AWS AMI Software Broker. | All | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2016-9532SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllInteger overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2020-35521SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllA flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2020-35522SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllIn LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0561SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllNull source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0907SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllUnchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0908SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0909SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllDivide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0924SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllOut-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-22844SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllLibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0854SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllA memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0562SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllNull source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-21151SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllProcessor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-0714SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-1420SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllUse of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
10.0.1.41CVSS v3: 5.5 (MEDIUM)CVE-2022-31030SOL-72507 Allcontainerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.
10.0.1.41CVSS v3: 5.3 (MEDIUM)CVE-2021-4189SOL-70795 SOL-72193 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Pubsub+ Event Broker AWS AMI Software Broker. Releases 9.13.0 and higherA flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
10.0.1.41CVSS v3: 5.1 (MEDIUM)CVE-2022-1199SOL-65778 Pubsub+ Event Broker Appliance. Pubsub+ Event Broker Machine Image. AllNo description is available for this CVE.
10.0.1.41CVSS v3: 4.4 (MEDIUM)CVE-2021-31566SOL-68632 Pubsub+ Event Broker Container. Pubsub+ Event Broker Cloud. Releases 9.13.0 and higherAn improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
10.0.1.41CVSS v3: 3.3 (LOW)CVE-2021-3981SOL-70148 Pubsub+ Event Broker AWS AMI Software Broker. AllA flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
10.0.1.41CVSS v3: 2.6 (LOW)CVE-2022-30629SOL-72507 AllNo description is available for this CVE.
10.0.1.41CVSS v3: 0.0 (UNAVAILABLE)CVE-2022-0729 CVE-2022-0943SOL-72193 Pubsub+ Event Broker AWS AMI Software Broker. AllDetails are not available from https://nvd.nist.gov/vuln/detail/CVE-2022-0729 CVE-2022-0943
10.0.1.41CVSS v3: 0.0 (UNAVAILABLE)CVE-2022-30634SOL-72507 AllDetails are not available from https://nvd.nist.gov/vuln/detail/CVE-2022-30634
10.0.1.41CVSS v3: 0.0 (UNAVAILABLE)CVE-2022-30580SOL-72507 AllDetails are not available from https://nvd.nist.gov/vuln/detail/CVE-2022-30580
10.0.1.41CVSS v3: 0.0 (UNAVAILABLE)CVE-2022-29804SOL-72507 AllDetails are not available from https://nvd.nist.gov/vuln/detail/CVE-2022-29804
This product uses the NVD API but is not endorsed or certified by the NVD.

Known Issues in Release 10.0

This section describes known issues in the Solace PubSub+ Event Broker, Release 10.0.
Reference Number | Description
SOL-12284
Making the same configuration change on both the primary and backup event brokers at the same time can cause config-sync to go out of sync.
Workaround:
Only execute the configuration change on one node. Config-sync will ensure that the configuration change is propagated to the other node.
SOL-12281
This issue applies to Solace PubSub+ software event broker machine images only.
The software event broker is vulnerable to CVE-2018-5407.
Workaround:
Disable SMT/Hyper-Threading on the event broker host.
SOL-5782
SolOS will fail to start up if an invalid SSL certificate is configured via config-keys.
SOL-4485
Messages queued at the replication standby site will not be moved to the dead message queue (DMQ) when they expire at the replication active site.
SOL-4182
The PubSub+ Software Event Broker needs larger TCP rmem/wmem settings to support multi-node routing neighbors across high RTT WAN links.
Original bug: Bug 63008
SOL-22323
Bridges configured with an active/standby role of 'auto' may fail to connect following a redundancy failover if the broker's active-standby-role configuration is modified after creating the 'auto' bridge.
Workaround:
Rebooting the broker two times will correct the issue.
SOL-23696
A bridge delivering guaranteed messages may stall if the window size it was initially configured to use is later modified to be a smaller value.
Workaround:
If the bridge stalls, the bridge queue must be removed from the bridge configuration and then re-added to the bridge configuration to allow the bridge to resume delivering guaranteed messages. It is not necessary to delete and recreate the queue itself.
SOL-27189
The broker may disconnect slow subscribers when its NAB Buffer Load Factor exceeds 85%, before the expected 100% level at which slow subscribers are typically disconnected.
SOL-27822
The rate at which a broker can accept connections may be lower than expected when using LDAP authorization.
SOL-31712
The PubSub+ Manager may not display all of the configured client profiles.
SOL-42779
The PubSub+ Software Event Broker erroneously allows more user-created message-VPNs than are officially supported within the broker. This applies to all editions (Enterprise, Standard, and Evaluation). In a future release, this limit will be strictly enforced.
SOL-45634
The commit request for a local transaction sent from a replication active site to the replication standby site while using transaction replication mode causes a no-subscription-match event.
SOL-46285
The Solace PubSub+ Machine Image will not continuously retry for an IP address via DHCP if DHCP servers are unreachable.
Note that this only affects Machine Images. Appliances and Container images are not affected.
SOL-46501
If the backup appliance in an active-active HA configuration is restarted while the message spool is disabled, re-enabling the message-spool will fail if one or more replay logs exist in the setup. This issue applies to Solace PubSub+ appliances only.
Workaround:
Set the active-standby redundancy role of the backup appliance to 'backup' prior to the restart. After the restart, set the active-standby role back to 'none'.
SOL-48714
When the message spool disk is full for HA software brokers, message spool defragmentation will fail, as expected, but with an incorrect error message.
SOL-50776
Endpoints with many messages require more time to trim than expected (replay-log trimming included).
SOL-61054
If a message TTL expires to a Dead Message Queue (DMQ) and the DMQ is also configured to TTL expire messages, the message will TTL expire from the DMQ after the sum of the TTL configured for the DMQ and the message's TTL from the queue it was originally published to.
SOL-61319
SolOS will fail to boot if the search list for host-name lookup in /etc/resolv.conf is larger than 245 characters.
SOL-66151
Using SEMPv2 to retrieve a filtered list of topics cached in a PubSub+ Cache instance isn't as efficient as using SEMPv1.
SOL-66832
In DMR clusters with at least one HA node, the "SYSTEM_ROUTING_CSPF_DUPLICATE_ROUTER_NAME" event is erroneously raised during a failover. The event will clear after 5 minutes and can be ignored.
SOL-67072
Config-sync may go down due to the high volume of changes that do not require synchronization.
SOL-67402
Direct messages that are promoted can incorrectly increment the guaranteed messaging statistics of a different client.
This is an error in statistics and does not impact messaging.
SOL-68006
The TCP Window Size calculated by the DMR Link Optimizer is lower than Solace recommendations.
SOL-71133
The max-bind-count limit on endpoints can occasionally be exceeded if multiple binds occur concurrently.