PT-2024-11090 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc1-custom 1 Description: The issue is caused by a race condition between truncate and overwrite operations in the f2fs compress functionality. This can lead to a situation where a page is detached from t...

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

DjVu has an out-of-bounds read vulnerability

DjVu an image compression technique that has evolved into one of the standard image document formats. DjVu suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a program to crash...

[SECURITY] Fedora 32 Update: p7zip-16.02-20.fc32

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

[SECURITY] Fedora 32 Update: openvpn-2.4.11-1.fc32

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

Format string

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482 denial of service in github.com/ulikunitz/xz

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

CVE-2021-29482 affects the Go xz library (github.com/ulikunitz/xz) used to read xz containers. The issue is in readUvarint where crafted input can cause the loop to fail to terminate, potentially enabling a denial of service. The vulnerability has been fixed in release v0.5.8; a practical workaro...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

Unbound Infinite Loop Vulnerability

Unbound is a DNS resolver that supports validation, recursion, and caching features. An infinite loop vulnerability exists in dnamepktcopy in Unbound versions prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an infinite loop...

[SECURITY] Fedora 34 Update: p7zip-16.02-20.fc34

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

UBUNTU-CVE-2019-25041

Unbound before 1.9.5 allows an assertion failure via a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

Unbound 安全漏洞

Unbound is a DNS resolver that supports validation, recursion, and caching features. An infinite loop vulnerability exists in dnamepktcopy in Unbound versions prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an infinite loop...

NLnet Labs Unbound 缓冲区错误漏洞

Unbound is a DNS resolver that supports validation, recursion, and caching features. An out-of-bounds write vulnerability exists in rdatacopy in versions of Unbound prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an out-of-bounds write...

NLnet Labs Unbound 安全漏洞

Unbound is a DNS resolver that supports validation, recursion, and caching features. An assertion failure vulnerability exists in dnamepktcopy in versions of Unbound prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an assertion failure...

[SECURITY] Fedora 34 Update: openvpn-2.5.2-1.fc34

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

About the security content of watchOS 7.4

About the security content of watchOS 7.4 This document describes the security content of watchOS 7.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

About the security content of iOS 14.5 and iPadOS 14.5

About the security content of iOS 14.5 and iPadOS 14.5 This document describes the security content of iOS 14.5 and iPadOS 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...