4727 matches found
SUSE-SU-2022:2673-1 Security update for python-ujson
This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255). - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254)...
FreeBSD : go -- decoding big.Float and big.Rat can panic (7f8d5435-125a-11ed-9a69-10c37b4ac2ea)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7f8d5435-125a-11ed-9a69-10c37b4ac2ea advisory. - The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding...
Uncaught Exception
Overview: std/math/big is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
GO-2022-0537 Panic when decoding Float and Rat types in math/big
Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...
[SECURITY] Fedora 36 Update: golang-github-rwcarlsen-goexif-0-0.10.20191017git9e8deec.fc36
This package provides decoding of basic exif and tiff encoded data...
Updated python-ujson packages fix security vulnerability
Add support for arbitrary size integers. Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based one; fix handling of surrogates on decoding (CVE-2022-31116) Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...
MGASA-2022-0270 Updated python-ujson packages fix security vulnerability
Add support for arbitrary size integers. Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based one; fix handling of surrogates on decoding (CVE-2022-31116) Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...
GStreamer input validation error vulnerability
GStreamer is a set of frameworks for processing streaming media. An input validation error vulnerability exists in GStreamer version 1.16.2, which is caused by an integer overflow when zlib decodes gst_matroska_decompress_data encoded data, and can be exploited by an attacker to cause a system crash...
GStreamer input validation error vulnerability
GStreamer is a set of frameworks for processing streaming media. An input validation error vulnerability exists in GStreamer version 1.16.2, which is caused by an integer overflow when zlib decodes gst_matroska_decompress_data encoded data, and can be exploited by an attacker to cause a system crash...
PT-2022-20575 · Jquery +5 · Jquery Ui +5
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.2; Moodle versions prior to 3.11.17-alt1. Description: jQuery UI, a collection of user interface interactions, effects, widgets, and themes built on jQuery, is susceptible to a cross-site scripting (XSS) issue...
[SECURITY] Fedora 35 Update: golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc35
This package provides decoding of basic exif and tiff encoded data...
go -- decoding big.Float and big.Rat can panic
The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding big.Float and big.Rat types can panic if the encoded message is too short...
CVE-2022-20083
In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID:...
Fedora: Security Advisory for golang-github-francoispqt-gojay (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
GHSA-FM67-CV37-96FF Potential double free of buffer during string decoding
Impact: When an error occurs while reallocating the buffer for string decoding, the buffer gets freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. Patches: Has the problem been patche...
DEBIAN-CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
Double free
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
UBUNTU-CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
CVE-2022-31116 Incorrect handling of invalid surrogate pair characters in ujson
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupti...
CVE-2022-31117 Double free of buffer during string decoding in ujson
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...