4729 matches found
BER/CER/DER decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...
A vulnerability in the libwebp library for encoding and decoding WebP images, involving reads beyond the buffer in memory, allows attackers to execute arbitrary code.
A vulnerability in the libwebp library for encoding and decoding WebP images involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2023-27149 · Nlnet +1 · Bcder +1
Name of the Vulnerable Software and Affected Versions: NLnet Labs' bcder library versions 0.7.2 and earlier. Description: The bcder library panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as...
NLnet Labs bcder Security Breach
NLnet Labs bcder is an open source library from NLnet Labs. It provides decoding and encoding for the ASN.1 Basic Encoding Rules (BER) and the stricter Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) variants. A security vulnerability exists in NLnet Labs bcder 0.7.2 and earlier...
Important: amazon-ecr-credential-helper
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding (CVE-2022-41723). Affected Packages: amazon-ecr-credential-helper. Issue Correction: Run dnf update amazon-ecr-credential-helper --releasever 2023.1.20230906 or dnf update --advisory ALAS2023-2023-337 --releasever 2023.1.202309...
Out-Of-Bound Write
libfreerdp.so is vulnerable to Out-Of-Bound Write. The vulnerability exists due to an integer overflow in the freerdpimagecopy function of color.c when an image width or height == 0, which allows an attacker to cause out-of-bound write when image decoding is done by a proxy...
Denial Of Service (DoS)
Wireshark is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the packet-cp2179.c file. The file is responsible for decoding CP2179 packets. The vulnerability occurs when the file fails to properly check the length of a packet. This can cause Wireshark to divide by zero,...
CVE-2023-40186
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdiCreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...
Design/Logic Flaw
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdiCreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...
CVE-2023-40186 IntegerOverflow leading to Out-Of-Bound Write Vulnerability in FreeRDP
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdiCreateSurface function. This issue affects FreeRDP based clients only. FreeRDP proxies...
json2xml Uncaught Exception vulnerability
The json2xml package for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...
GHSA-8RJ5-2857-877J json2xml Uncaught Exception vulnerability
The json2xml package for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...
CVE-2023-41104
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...
Authentication flaw
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...
libvmod-digest Buffer Error Vulnerability
libvmod-digest is used to compute HMACs and message digests. A security vulnerability exists in libvmod-digest versions prior to 1.0.3, which stems from an out-of-bounds memory access during base64 decoding, leading to authentication bypass and information disclosure...
CVE-2022-25024
The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service...