39 matches found
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
CVE-2023-36659
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service loss of communication...
SUSE CVE-2012-5667
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow...
PT-2022-20550
Name of the Vulnerable Software and Affected Versions moment versions prior to 2.29.4 Description The issue is related to an inefficient parsing algorithm used in the moment JavaScript date library, specifically in the string-to-date parsing and rfc2822 parsing. This results in quadratic complexi...
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR (3) WNHOME or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges this issue only crosses privilege boundaries when WordNet is invoked as a third party component.
...
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
PT-2021-11240 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.4 and later Description: An issue has been discovered in GitLab where the regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string...
CVE-2020-15061
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values...
CVE-2020-15057
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values...
CVE-2020-15061
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values...
Integer overflows in URL parser
libcurl contains two integer overflows in the curlurlset function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32-bit architectures and require excessive string input lengths...
UBUNTU-CVE-2018-10907
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca3'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffe...
glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
Multiple integer overflows in the 1 strtod, 2 strtof, 3 strtold, 4 strtodl, and other unspecified "related functions" in stdlib in GNU C Library aka glibc or libc6 2.16 allow local users to cause a denial of service application crash and possibly execute arbitrary code via a long string, which...
cscope: multiple buffer overflows
Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as 1 source-code tokens and 2 pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541...
CVE-2002-2253
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via 1 a long header name, 2 a long IMAP flag, or 3 a script that generates a large number of errors that overflow the resulting error string...
Buffer overflow
Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a 1 long command, 2 long server argument to the a connect or b server commands, 3 long nick argument to the c nick command, or a long 4 nick or 5 message argument to the d ctcp, e chat, f notice, ...
CVE-2006-3788
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via 1 a long unit name in Net::recvaddunit,; 2 large values to Net::recvrules, Net::recvselectunit, Net::recvoptions, and Net::recvunitdata; and 3 a large mapdata GEODATA structure in...