34 matches found
CVE-2024-46853
In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd...
CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...
CVE-2023-52628 netfilter: nftables: exthdr: fix 4-byte stack OOB write
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-len is a multiple of 4, then dstlen / 4 can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of t...
CVE-2023-44186
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service DoS. Continued receipt and...
PyFriBidi Buffer overflow in the fribidi_utf8_to_unicode function
Buffer overflow in the fribidiutf8tounicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service application crash via a 4-byte utf-8 sequence...
CVE-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
CVE-2020-35655
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
CVE-2019-18218
cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...
Linux/x64 - XANAX Decoder Shellcode (127 bytes)
Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...
x64 Linux bind TCP port shellcode 81 bytes, 96 with password
x64 Linux bind TCP port shellcode 81 bytes, 96 with password. Shellcode exploit for linx86-64 platform / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free TCP bind port shellcode, optional 4 byte password Assemble...
linux/x64 reverse TCP connect shellcode 85 bytes
x64 Linux reverse TCP connect shellcode 77 to 85 bytes, 90 to 98 with password / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free reverse TCP shellcode, optional 4 byte password Assembled Size: 77 - 85 bytes, 90 ...
linux/x64 bind TCP port shellcode 81 bytes
x64 Linux bind TCP port shellcode 81 bytes, 96 with password / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free TCP bind port shellcode, optional 4 byte password Assembled Size: 81 bytes, 96 with password Tested...
CVE-2014-3818
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4,...
Juniper Junos BGP UPDATE 'rpd' Remote DoS (JSA10653)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to improper handling of BGP UPDATE messages using 4-byte AS numbers. A remote attacker can exploit this issue, by sending a specially crafted BGP UPDATE packet, to...
Linux Kernel <= 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Exploit
No description provided by source. / sigaltstack-leak.c Linux Kernel = 2.6.31-rc5 sigaltstack 4-Byte Stack Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856 Ulrich Drepper correctly points out that...
CVE-2012-1176
Buffer overflow in the fribidiutf8tounicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service application crash via a 4-byte utf-8 sequence...
CVE-2012-1176
Buffer overflow in the fribidiutf8tounicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service application crash via a 4-byte utf-8 sequence...
Reverse Engineering SEHOP Chain Validation
Reverse Engineering code of SEHOP Chain Validation by x90c [email protected] -- sehopchainvalidation.c -- typedef struct EXCEPTIONREGISTRATIONRECORD struct EXCEPTIONREGISTRATIONRECORD Next; PEXCEPTIONROUTINE Handler; EXCEPTIONREGISTRATIONRECORD, PEXCEPTIONREGISTRATIONRECORD; / first ER struct o...
Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities - Cisco Systems
Recent versions of Cisco IOS Software support RFC4893 "BGP Support for Four-octet AS Number Space" and contain two remote denial of service DoS vulnerabilities when handling specific Border Gateway Protocol BGP updates. These vulnerabilities affect only devices running Cisco IOS Software with...
VariCAD 2010-2.05 EN - Local Buffer Overflow
/ Exploit Title: VariCAD 2010-2.05 EN Local buffer overflow : Date: 15 March 2010 Author: n00b Realname: carl cope Software Link: http://www.varicad.com/en/home/ Version: All versions are affected. Tested on: Windows xp sp3,Vista sp2,Linux unbuntu CVE : if exists...