711 matches found
AZL-67617 CVE-2025-58749 affecting package fluent-bit for versions less than 3.0.6-4
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749 WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode
WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...
CVE-2025-58749
CVE-2025-58749 affects WebAssembly Micro Runtime (WAMR) prior to version 2.4.2. In LLVM-JIT mode, WebAssembly programs containing a memory.fill instruction with the first operand (memory address pointer) >= 2 GiB could cause the runtime to hang (release builds) or crash (debug builds) due to i...
Linux Distros Unpatched Vulnerability : CVE-2015-3027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which...
Linux Distros Unpatched Vulnerability : CVE-2023-26924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes Language...
Linux Distros Unpatched Vulnerability : CVE-2023-29942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isamlir::LLVM::LLVMVoidType. CVE-2023-29942 Note that...
Linux Distros Unpatched Vulnerability : CVE-2023-29935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop && operation was already replaced. CVE-2023-29935 Note that...
Linux Distros Unpatched Vulnerability : CVE-2023-29933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. CVE-2023-29933 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2023-29941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp. CVE-2023-29941 No...
SUSE CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...
DEBIAN-CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The CVE-2024-58262 issue affects the curve25519-dalek Rust crate prior to version 4.1.3, where a constant-time operation on elliptic curve scalars is removed by LLVM. This timing-related behavior can impact confidentiality and is classified with a MEDIUM severity (NVD CVSS 3.1: 5.1). Public refer...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data SIMD instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
The vulnerability in the LLVM Toolchain development tools relates to the execution of operations outside of the buffer in memory, allowing an attacker to trigger a service failure.
The vulnerability of the LLVM Toolchain development tools is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to trigger a service failure...
TencentOS Server 4: llvm (TSSA-2024:0170)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0170 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2024-6d9aba8c3c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-37880
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because polyfrommsg in poly.c does not prevent Clang from...
CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...