PT-2026-49579

Name of the Vulnerable Software and Affected Versions Electron versions 42.3.1 through 42.3.2 Description Incorrect byte length calculations in the Node.js Buffer API cause heap underflow or overflow, which can lead to memory corruption or application crashes. This issue may result in incorrect...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash t...

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

Important: nodejs20

Issue Overview: Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated...

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

PT-2026-6357

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

SUSE CVE-2023-53752

In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmallocreserve Blamed commit changed: ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This allowed various crash as reported by syzbot 1 and Kyle...

CVE-2022-1325

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer...

PT-2022-13799 · Clmg +3 · Clmg +3

Name of the Vulnerable Software and Affected Versions: Clmg affected versions not specified Description: A flaw in Clmg allows an attacker to trick the application into allocating huge buffer sizes, such as 64 Gigabyte, by using a maliciously crafted pandore or bmp file with modified dx and dy...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2569)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...

GSD-2021-1001472 seq_file: disallow extremely large seq buffer allocations

seqfile: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

UVI-2021-1001472 seq_file: disallow extremely large seq buffer allocations

seqfile: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

GSD-2021-1001413 seq_file: disallow extremely large seq buffer allocations

seqfile: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.240 by commit...

UVI-2021-1001182 seq_file: disallow extremely large seq buffer allocations

seqfile: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

Unbreakable Enterprise kernel-container security update

5.4.17-2102.203.6.el7 - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135632 CVE-2021-33909...

Unbreakable Enterprise kernel-container security update

4.14.35-2047.505.4.3.el7 - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33142065 CVE-2021-33909...

Unbreakable Enterprise kernel security update

4.1.12-124.52.5 - seqfile: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135634 CVE-2021-33909...

openSUSE: Security Advisory for the (openSUSE-SU-2021:2415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-33909

fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...