In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and...
5.5 CVSS
5.1 AI Score
0.0004 EPSS
The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash...
5.5 CVSS
5.3 AI Score
0.002 EPSS
bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson...
5.5 CVSS
5.5 AI Score
0.001 EPSS
7.8 CVSS
7.6 AI Score
0.0004 EPSS
4.9 CVSS
5.3 AI Score
0.001 EPSS
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1 and 0.2.66 results in an out-of-bounds write to a heap-allocated buffer when processing large crash dumps. This results in a crash or possible code execution in the context of the whoopsie...
7.8 CVSS
7.8 AI Score
0.001 EPSS