PT-2024-6191 · Unknown +4 · Hdf5 Library +4

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to a heap buffer overflow in the H5O mtime new encode function in the H5Omtime.c file of the HDF5 library. This can be exploited by a remote attacker to impact the...

PT-2024-6190 · Hdf5 +4 · Hdf5 +4

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.14.4 Description: The issue is related to a heap-based buffer overflow in the H5O layout encode function in the H5Olayout.c file of the HDF5 library. This overflow can cause corruption of the instruction pointer. The...

PT-2024-6201 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to a heap-based buffer over-read in the H5O dtype encode helper function in the H5Odtype.c file of the HDF5 library. This can allow an attacker to impact the...

UBUNTU-CVE-2024-3651

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

Cookie-Monster - BOF To Steal Browser Cookies & Credentials

Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...

Denial Of Service (DoS)

idna is vulnerable to Denial Of Service. The vulnerability is due to a specially crafted argument to the idna.encode function, which could consume significant resources...

PT-2024-3030 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 8.3.0 through 8.3.4 Description: The issue is related to the function mb encode mimeheader in PHP, which can run endlessly for certain inputs containing long strings of non-space characters followed by a space. This could lead to...

DEBIAN-CVE-2024-26689

In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encodecapmsg In fs/ceph/caps.c, in encodecapmsg, "use after free" error was caught by KASAN at this line - 'cephbuffergetarg-xattrbuf;'. This implies before the refcount could be increment here, it...

UBUNTU-CVE-2024-26689

In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encodecapmsg In fs/ceph/caps.c, in encodecapmsg, "use after free" error was caught by KASAN at this line - 'cephbuffergetarg-xattrbuf;'. This implies before the refcount could be increment here, it...

CVE-2024-26689 ceph: prevent use-after-free in encode_cap_msg()

In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encodecapmsg In fs/ceph/caps.c, in encodecapmsg, "use after free" error was caught by KASAN at this line - 'cephbuffergetarg-xattrbuf;'. This implies before the refcount could be increment here, it...

CVE-2024-27094

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

PT-2024-40668 · Git +1 · Libxaac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, as reported by OSS-Fuzz. The crash type is Heap-buffer-overflow READ 1, and it occurs in the ixaac enco...

[SECURITY] Fedora 40 Update: json_simple-1.1.1-34.fc40

JSON.simple is a simple Java toolkit for JSON. You can use JSON.simple to encode or decode JSON text. Full compliance with JSON specification RFC4627 and reliable Provides multiple functionalities such as encode, decode/parse and escape JSON text while keeping the library lightweight Flexible,...

SUSE CVE-2024-25269

libheif = 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack...

CVE-2024-25269

libheif = 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack...

CVE-2024-25269

libheif = 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack...

Out-of-bounds Read

@openzeppelin/contracts, @openzeppelin/contracts-upgradeable are vulnerable to Out-of-bounds Read. The vulnerability is due to Base64.encode function which encodes a byte input by iterating over it in chunks of 3 byte and reading the parts of the memory beyond the input buffer when the input is n...

CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...

CVE-2024-27094

OpenZeppelin Contracts Base64.encode has a memory-read flaw when input length is not a multiple of 3, risking corruption of the encoded output. This affects OpenZeppelin Contracts (and upgradeable) prior to versions 5.0.2 and 4.9.6. Remediation: upgrade to 5.0.2 or 4.9.6. No exploit details are p...

PT-2024-21645

Name of the Vulnerable Software and Affected Versions OpenZeppelin Contracts versions prior to 4.9.6 OpenZeppelin Contracts versions prior to 5.0.2 Description The Base64.encode function in OpenZeppelin Contracts encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is...