1139 matches found

CNNVD
added 2022/03/29 12:0 a.m. · 3 views

re2c buffer error vulnerability

re2c is an open source language generator for C and C++. A security vulnerability exists in re2c, which suffers from a stack overflow due to an infinite recursion issue in src/dfa/dead_rules.cc...

9.8 CVSS · 8.3 AI score · 0.00258 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/03/29 12:0 a.m. · 4 views

PT-2022-16321 · Re2C +1

Name of the Vulnerable Software and Affected Versions: re2c version 2.2. Description: A stack overflow issue exists due to infinite recursion in the src/dfa/dead_rules.cc file. Recommendations: For re2c version 2.2, at the moment, there is no information about a newer version that contains a fix f...

9.8 CVSS · 6.9 AI score · 0.00258 EPSS
Exploits 1 · References 12

Ubuntu
added 2022/01/11 8:42 p.m. · 174 views

USN-5222-1: Apache Log4j 2 vulnerabilities

It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. (CVE-2021-44832) Hideki Okamoto and Guy...

8.5 CVSS · 7.5 AI score · 0.74016 EPSS
Exploits 22

OSV
added 2022/01/11 12:27 p.m. · 4 views

CLSA-2022-1641904053 Fix of 14 CVEs

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

9.8 CVSS · 6 AI score · 0.0204 EPSS
Exploits 10 · References 1

CloudLinux
added 2022/01/11 12:27 p.m. · 44 views

Fix of 14 CVEs

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

9.8 CVSS · 4.1 AI score · 0.0204 EPSS
Exploits 10 · References 1

Debian
added 2021/12/30 10:19 p.m. · 33 views

[SECURITY] [DLA 2872-1] agg security update

Debian LTS Advisory DLA-2872-1 · [email protected] · https://www.debian.org/lts/security/ · Adrian Bunk · December 31, 2021 · https://wiki.debian.org/LTS ...

8.8 CVSS · 8.8 AI score · 0.00614 EPSS
Exploits 1

OSV
added 2021/12/29 3:25 p.m. · 3 views

CLSA-2021-1640791516 Fix CVE(s): CVE-2021-45078, CVE-2018-12700

SECURITY UPDATE: - debian/patches/CVE-2018-12700.patch: fix infinite recursion. - debian/patches/CVE-2021-45078.patch: fix heap-based buffer overflow. - CVE-2018-12700, CVE-2021-45078...

7.8 CVSS · 6.9 AI score · 0.00159 EPSS
Exploits 1 · References 1

OSV
added 2021/12/29 3:10 p.m. · 4 views

CLSA-2021-1640790635 Fixed 14 CVEs in binutils

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

9.8 CVSS · 6.9 AI score · 0.0204 EPSS
Exploits 10 · References 1

CloudLinux
added 2021/12/29 3:9 p.m. · 94 views

Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

7.5 CVSS · 4.1 AI score · 0.0204 EPSS
Exploits 10 · References 1

OSV
added 2021/12/27 4:8 p.m. · 3 views

CLSA-2021-1640621287 Fix of 36 CVEs

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

7.8 CVSS · 6.9 AI score · 0.09327 EPSS
Exploits 26 · References 1

OSV
added 2021/12/22 6:11 a.m. · 9 views

OPENSUSE-SU-2021:1605-1 Security update for log4j

This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888) This update was imported from the SUSE:SLE-15-SP2:Update update project...

5.9 CVSS · 6.3 AI score · 0.74016 EPSS
Exploits 20 · References 4

OPENSUSE Linux
added 2021/12/22 12:0 a.m. · 45 views

Security update for log4j (important)

openSUSE Security Update: Security update for log4j; Announcement ID: openSUSE-SU-2021:1605-1; Rating: important; References: 1193887 1193888; Cross-References: CVE-2021-45105; CVSS scores: CVE-2021-45105 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; Affected Products: openSUSE Leap 15.2 An...

7.5 CVSS · 8.6 AI score · 0.74016 EPSS
Exploits 20 · References 2

OSV
added 2021/12/20 11:43 a.m. · 9 views

OPENSUSE-SU-2021:4118-1 Security update for log4j

This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)...

5.9 CVSS · 6.3 AI score · 0.74016 EPSS
Exploits 20 · References 4

OSV
added 2021/12/19 5:39 p.m. · 0 views

USN-5203-1 apache-log4j2 vulnerability

Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...

5.9 CVSS · 6.7 AI score · 0.74016 EPSS
Exploits 20 · References 2

Veracode
added 2021/12/16 1:5 p.m. · 29 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists due to a flaw that allows an attacker to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call...

6 CVSS · 4.7 AI score · 0.00074 EPSS
Exploits 0 · References 8 · Affected Software 1

OpenVAS
added 2021/12/02 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2021:3854-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS · 6.7 AI score · 0.03439 EPSS
Exploits 17 · References 24

OSV
added 2021/12/01 4:0 p.m. · 7 views

SUSE-SU-2021:3854-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945). - CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, an...

9.8 CVSS · 7.4 AI score · 0.03439 EPSS
Exploits 17 · References 43

OPENSUSE Linux
added 2021/12/01 12:0 a.m. · 50 views

Security update for poppler (important)

openSUSE Security Update: Security update for poppler; Announcement ID: openSUSE-SU-2021:3854-1; Rating: important; References: 1092945 1102531 1107597 1114966 1115185 1115186 1115187 1115626 1120495 1120496 1120939 1120956 1124150 1127329 1129202 1130229 1131696 1131722 1142465 1143950 1179163...

7.8 CVSS · 8.6 AI score · 0.03439 EPSS
Exploits 17 · References 21

Code423n4
added 2021/10/27 12:0 a.m. · 9 views

UniswapV2/SushiwapLPAdapter update the wrong token

Handle: cmichel. Vulnerability details: The UniswapV2LPAdapter/SushiswapV2LPAdapter.update function retrieves the underlying from the LP token pair asset but then calls router.update(asset, proof), which is the LP token itself again. This will end up with the router calling this function again...

6.8 AI score
Exploits 0

Tenable Nessus
added 2021/10/27 12:0 a.m. · 33 views

NewStart CGSL MAIN 6.02 : binutils Multiple Vulnerabilities (NS-SA-2021-0122)

The remote NewStart CGSL host, running version MAIN 6.02, has binutils packages installed that are affected by multiple vulnerabilities: - find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a...

7.8 CVSS · 6.9 AI score · 0.01079 EPSS
Exploits 3 · References 7