11155 matches found
GHSA-6433-X5P4-8JC7 libxmljs vulnerable to type confusion when parsing specially crafted XML
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...
GHSA-MJR4-7XG5-PFVH libxmljs2 type confusion vulnerability when parsing specially crafted XML
libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...
CVE-2024-34391
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...
CVE-2024-34393
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...
CVE-2024-34393 libxmljs2 attrs type confusion RCE
libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...
CVE-2024-34393
Libxmljs2 contains a type confusion vulnerability related to parsing specially crafted XML and then calling attrs() on the result of a parsed node. Affected component is the libxmljs2 XML parsing path; the underlying issue is a type confusion when attrs() is invoked on the grandchild node or resu...
CVE-2024-34391
Summary: CVE-2024-34391 affects libxmljs due to a type confusion when parsing specially crafted XML and calling a function on the result of attrs() on a parsed node. This can lead to severe outcomes including DoS, data leakage, infinite loops, and, on 32-bit systems with XML_PARSE_HUGE, remote co...
AZL-43369 CVE-2024-30251 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
DEBIAN-CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
UBUNTU-CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
CVE-2024-30251
CVE-2024-30251 affects aio-libs aiohttp. An attacker can send a specially crafted POST (multipart/form-data) request and the aiohttp server may enter an infinite loop while processing it, causing a denial of service. The issue is addressed in a patched version (3.9.4); remediation is to upgrade t...
PT-2024-3818
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.4. Description: The issue is related to an infinite loop that occurs when the aiohttp server processes a specially crafted POST multipart/form-data request. This allows an attacker to stop the application from servi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
Moderate: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
libtiff: infinite loop via a crafted TIFF file
A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service...
libX11: stack exhaustion from infinite recursion in PutSubImage()
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...