
4729 matches found

OSV
added 2023/02/10 11:08 p.m. · 21 views

GHSA-Q264-W97Q-Q778 Denial of service via HAMT Decoding Panics

Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...

CVSS 5.9 · AI score 6.4 · EPSS 0.00468
Exploits: 0 · References: 6

Fedora
added 2023/02/10 1:25 a.m. · 23 views

[SECURITY] Fedora 36 Update: opusfile-0.12-9.fc36

libopusfile provides a high-level API for decoding and seeking within .opus files. It includes: Support for all files with at least one Opus stream including multichannel files or Ogg files where Opus is muxed with something else. Full support, including seeking, for chained files. A simple stere...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1

Fedora
added 2023/02/10 12:40 a.m. · 26 views

[SECURITY] Fedora 37 Update: opusfile-0.12-9.fc37

libopusfile provides a high-level API for decoding and seeking within .opus files. It includes: Support for all files with at least one Opus stream including multichannel files or Ogg files where Opus is muxed with something else. Full support, including seeking, for chained files. A simple stere...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1

OpenVAS
added 2023/02/10 12:00 a.m. · 15 views

Fedora: Security Advisory for opusfile (FEDORA-2023-6b83109e4e)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1 · References: 2

OpenVAS
added 2023/02/10 12:00 a.m. · 12 views

Fedora: Security Advisory for opusfile (FEDORA-2023-6d18f920d2)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1 · References: 2

Vulnrichment
added 2023/02/09 8:57 p.m. · 7 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS 5.9 · AI score 6.6 · EPSS 0.00468
Exploits: 0 · References: 2

Cvelist
added 2023/02/09 8:57 p.m. · 14 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS 5.9 · AI score 7.6 · EPSS 0.00468
Exploits: 0 · References: 2

Vulnrichment
added 2023/02/09 8:46 p.m. · 4 views

CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions prior to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

CVSS 5.9 · AI score 6.6 · EPSS 0.00779
Exploits: 0 · References: 4

OSV
added 2023/02/08 8:15 p.m. · 33 views

CVE-2022-4450

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

CVSS 7.5 · AI score 7.9
Exploits: 0 · References: 5

CVE
added 2023/02/08 7:04 p.m. · 887 views

CVE-2022-4450

Summary (CVE-2022-4450): OpenSSL’s PEM_read_bio_ex() and wrappers PEM_read_bio()/PEM_read() are vulnerable. If a PEM file is crafted to trigger a 0-byte payload, PEM_read_bio_ex() may return a failure while its header buffer has already been freed; freeing that buffer again can cause a use-after-...

CVSS 7.5 · AI score 8 · EPSS 0.00147
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2023/02/07 12:00 a.m. · 3 views

PT-2023-3382 · Samsung · Exynos Modem 5300 +5

Name of the Vulnerable Software and Affected Versions: Exynos Modem 5123 Exynos Modem 5300 Exynos 980 Exynos 1080 Exynos 9110 Exynos Auto T5123 Description: The issue is related to a buffer overflow when decoding an SIP status line, potentially allowing a remote attacker to cause a denial of...

CVSS 7.8 · AI score 8.1 · EPSS 0.00383
Exploits: 0 · References: 8

OpenVAS
added 2023/02/03 12:00 a.m. · 16 views

Fedora: Security Advisory for mingw-opusfile (FEDORA-2023-528f07b5af)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1 · References: 2

Fedora
added 2023/02/02 2:19 a.m. · 20 views

[SECURITY] Fedora 37 Update: mingw-opusfile-0.12-9.fc37

libopusfile provides a high-level API for decoding and seeking within .opus files. It includes: Support for all files with at least one Opus stream including multichannel files or Ogg files where Opus is muxed with something else. Full support, including seeking, for chained files. A simple stere...

CVSS 7.8 · AI score 7.6 · EPSS 0.001
Exploits: 1

Positive Technologies
added 2023/02/02 12:00 a.m. · 2 views

PT-2023-35841 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions bit_read_BB, dwg_decode_MINSERT_private, and dwg_decode_MINSERT. ...

AI score 6.9
Exploits: 0 · References: 2

Rockylinux
added 2023/01/12 8:25 a.m. · 26 views

libtasn1 security update

An update is available for libtasn1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A library that provides Abstract Syntax Notation One (ASN.1), as specified by...

CVSS 9.1 · AI score 2.2 · EPSS 0.00628
Exploits: 1

Code423n4
added 2023/01/09 12:00 a.m. · 18 views

Wrong decoding of paymaster data makes validatePaymasterUserOp always fail, DoS

Lines of code Vulnerability details Impact DoS of validatePaymasterUserOp makes UserOperation's with paymaster not executable Proof of Concept . decodePaymasterData on line 102 in VerifyingSingletonPaymaster.validatePaymasterUserOp returns wrong data and makes function always fail due to the...

AI score 6.8
Exploits: 0

Github Security Blog
added 2022/12/28 12:30 a.m. · 23 views

Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g3vv-g2j5-45f2. This link is maintained to preserve external references. Original Description go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid block...

CVSS 7.5 · AI score 7.1 · EPSS 0.00468
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/12/28 12:30 a.m. · 7 views

GHSA-967G-CJX4-H7J6 Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g3vv-g2j5-45f2. This link is maintained to preserve external references. Original Description go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid block...

CVSS 7 · AI score 7.1 · EPSS 0.00468
Exploits: 0 · References: 4

NVD
added 2022/12/27 10:15 p.m. · 8 views

CVE-2022-2584

The dag-pb codec can panic when decoding invalid blocks...

CVSS 7.5 · EPSS 0.00468
Exploits: 0 · References: 2

OSV
added 2022/12/27 10:15 p.m. · 14 views

CVE-2022-2584

The dag-pb codec can panic when decoding invalid blocks...

CVSS 7.5 · AI score 7.6
Exploits: 0 · References: 2