53 matches found
AZL-51684 CVE-2024-50602 affecting package expat for versions less than 2.6.3-2
An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser...
OSV-2024-1071 Use-of-uninitialized-value in Poco::Dynamic::Var::~Var
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538385 Crash type: Use-of-uninitialized-value Crash state: Poco::Dynamic::Var::Var void Poco::JSON::Object::doStringifystd::1::mapstd::1::basicstringchar, Poco::JWT::Serializer::serialize...
CVE-2024-31078
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference...
cJSON v1.7.17 was discovered to contain a segmentation violation which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
...
AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
USN-6371-1 libssh2 vulnerability
It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash...
Memory corruption
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information...
AZL-27630 CVE-2023-39129 affecting package crash for versions less than 8.0.1-3
GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...
USN-6048-1 ZenLib vulnerability
It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library...
SUSE CVE-2019-11638
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function recfieldnameequalp at rec-field-name.c in librec.a, leading to a crash...
Design/Logic Flaw
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized ASAN build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the...
GHSA-27MX-GCHC-6XJP Unhandled crash in npm posix
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check...
CVE-2022-24615
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library...
USN-5043-2 exiv2 regression
USN-5043-1 fixed vulnerabilities in Exiv2. The update introduced a new regression that could cause a crash in applications using libexiv2. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exiv2 incorrectly handled certain image...
USN-5005-1 djvulibre vulnerability
It was discovered that DjVuLibre incorrectly handled certain djvu files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...
USN-4768-1 musl vulnerabilities
It was discovered that musl did not properly handle kernel syscalls. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. CVE-2018-1000001 It was discovered that musl did not properly handle the parsing of DNS response codes. A remote...
USN-4230-1 clamav vulnerability
It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
opensc: Out of bounds reads handling responses from smartcards
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs...
Fedora 30 : mosquitto (2019-cc896df591)
1.6.2 ===== Broker : - Fix memory access after free, leading to possible crash, when v5 client with Will message disconnects, where the Will message has as its first property one of content-type, correlation-data, payload-format-indicator, or response-topic. - Fix build for WITHTLS=no. - Fix Will...
DEBIAN-CVE-2018-16427
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs...