3656 matches found

CNVD
added 2022/01/14 12:0 a.m. | 21 views

Binaryen Denial of Service Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen suffers from a denial of service vulnerability in version 104, which stems from an assertion abort in the software wasm::WasmBinaryBuilder::VisitRetrow, that can be exploited by an attacker to cau...

CVSS 5.5 | AI score 5.3 | EPSS 0.007
Exploits 1 | References 1

CNVD
added 2022/01/14 12:0 a.m. | 14 views

Binaryen Stack Buffer Overflow Vulnerability

Binaryen is a compiler infrastructure and toolchain library for WebAssembly written in C++. Binaryen has a stack buffer overflow vulnerability in version 103, which originates when the software printf public function performs an operation in memory, and can be exploited by an attacker to cause...

CVSS 5.5 | AI score 5.5 | EPSS 0.00679
Exploits 1 | References 1

CNNVD
added 2022/01/14 12:0 a.m. | 3 views

GCC Security Vulnerability

GCC is a collection of GNU compilers. It is primarily used to compile the C and C++ languages. A security vulnerability exists in GCC that stems from the discovery that GCC v12.0 contains uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows an attacker to...

CVSS 5.5 | AI score 6.1 | EPSS 0.00779
Exploits 1 | References 5

Debian CVE
added 2022/01/14 12:0 a.m. | 45 views

CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

CVSS 7.5 | AI score 6.3 | EPSS 0.02743
Exploits 1

OSV
added 2022/01/14 12:0 a.m. | 19 views

CVE-2022-21681 Exponential catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

CVSS 7.5 | AI score 6.3 | EPSS 0.02743
Exploits 1 | References 5

OSV
added 2022/01/06 10:18 p.m. | 20 views

GHSA-24G6-5RX7-58WJ Missing Initialization of Resource in pnet

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5 | AI score 7.4 | EPSS 0.00958
Exploits 0 | References 5

GitHub Security Blog
added 2022/01/06 10:18 p.m. | 36 views

Missing Initialization of Resource in pnet

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5 | AI score 2.1 | EPSS 0.00958
Exploits 0 | References 5 | Affected Software 1

NVD
added 2021/12/27 12:15 a.m. | 11 views

CVE-2019-25054

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5 | EPSS 0.00958
Exploits 0 | References 2

OSV
added 2021/12/23 11:36 a.m. | 5 views

SUSE-SU-2021:4186-1 Security update for go1.17

This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages bsc1190649 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. - CVE-2021-44716:...

CVSS 7.5 | AI score 6.4 | EPSS 0.03958
Exploits 0 | References 6

CNVD
added 2021/12/22 12:0 a.m. | 15 views

Binaryen Denial of Service Vulnerability (CNVD-2022-06888)

Binaryen is a compiler and toolchain infrastructure library for WebAssembly written in C. A denial of service vulnerability exists in Binaryen 103, which stems from an invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet, and could be exploited by an attacker to cause a denial ...

CVSS 5.5 | AI score 3.7 | EPSS 0.0078
Exploits 1 | References 1

Code423n4
added 2021/12/12 12:0 a.m. | 12 views

Possibility to drain TwabRewards smart contract tokens (even with valid ticket)

Handle: kemmio. Vulnerability details. Impact: Possibility to drain all smart contract assets abusing uint256 overflow in updateClaimedEpoch. Proof of Concept: The vulnerability arises because of uint256 overflow in updateClaimedEpoch return userClaimedEpochs | uint2561 The attacker needs to have in...

AI score 7.1
Exploits 0

Veracode
added 2021/12/10 7:26 a.m. | 35 views

Denial Of Service (DoS)

libsepol is vulnerable to denial of service. The CIL compiler in SELinux has a heap-based buffer over-read in ebitmapmatchany called indirectly from cilcheckneverallow. This occurs because there is sometimes a lack of checks for invalid statements in an optional block...

CVSS 3.3 | AI score 4 | EPSS 0.00453
Exploits 1 | References 11 | Affected Software 1

Veracode
added 2021/12/10 7:26 a.m. | 29 views

Denial Of Service (DoS)

libsepol is vulnerable to denial of service. The CIL compiler in SELinux 3.2 has a use-after-free in cilverifyclassperms called from verifymappermclassperms and hashtabmap...

CVSS 3.3 | AI score 2.5 | EPSS 0.00453
Exploits 1 | References 9 | Affected Software 1

vulnersOsv
added 2021/12/09 7:27 p.m. | 1 views

@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)

compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory: OSV:GHSA-7Q9F-X6RM-QMXR...

CVSS 9.8 | AI score 7.2 | EPSS 0.04358
Exploits 1

CNVD
added 2021/12/01 12:0 a.m. | 12 views

Lucet Resource Management Error Vulnerability

Lucet is an open source, native WebAssembly compiler and runtime from the Bytecode Alliance organization. Lucet has a resource management error vulnerability that stems from a use-after-free in Lucet's Instance object, which can be exploited by attackers to cause memory...

CVSS 8.5 | AI score 4 | EPSS 0.01566
Exploits 1 | References 1

Code423n4
added 2021/12/01 12:0 a.m. | 11 views

MiningService _withdrawMultiple will fail most of the times

Handle: hyh. Vulnerability details. Impact: Impact depends on subtraction overflow handling and this way on the compiler version used for production deployment. If compiler version above 0.8: The compiler will check subtraction and fail, so: a user will have all withdrawals failed most of the times,...

AI score 7
Exploits 0

CVE
added 2021/11/29 11:55 p.m. | 53 views

CVE-2021-43790

Lucet (lucet-runtime) has a Use-After-Free in the Instance object caused by a race during destruction when the memory backing the Instance is released back to the pool before other fields are dropped. This affects main branch implementations and all releases published to crates.io, and leads to m...

CVSS 8.5 | AI score 8 | EPSS 0.01566
Exploits 1 | References 3 | Affected Software 1

RedHat Linux
added 2021/11/18 5:49 p.m. | 681 views

Moderate: Red Hat Security Advisory: llvm-toolset:rhel8 security update

An update for the llvm-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 7.1 | EPSS 0.12205
Exploits 4 | References 3

OSV
added 2021/11/18 4:29 p.m. | 26 views

ALSA-2021:4743 Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...

CVSS 8.3 | AI score 8 | EPSS 0.12205
Exploits 4 | References 1

RedHat Linux
added 2021/11/18 10:4 a.m. | 66 views

Moderate: Red Hat Security Advisory: devtoolset-11-annobin security update

An update for devtoolset-11-annobin is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 7 | EPSS 0.12205
Exploits 4 | References 3