Denial of service

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child...

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

golang: regexp/syntax: limit memory used by parsing regexps

A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...

CVE-2022-3882

CVE-2022-3882 concerns the WordPress WP Memory plugin prior to 2.46. The vulnerability is a lack of proper authorization and CSRF protection in an AJAX action, allowing any authenticated user (e.g., a subscriber) to call the action and install/activate arbitrary plugins from wordpress.org. Connec...

AZL-11130 CVE-2022-41715 affecting package golang for versions less than 1.19.5-1

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

AZL-37407 CVE-2022-41715 affecting package golang for versions less than 1.21.6-1

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

AZL-78964 CVE-2022-41715 affecting package golang 1.25.7-1

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

AZL-41901 CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVE-2022-41715

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consu...

Allocation of Resources Without Limits or Throttling

Overview std/regexp/syntax is a Go standard library package std/regexp/syntax Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report:Programs which compile regular expressions from untrusted sources may be vulnerable to...

PT-2022-26045 · Alt Linux +8 · Alt Linux +8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Programs that compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp...

Google Golang 安全漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

Eclipse Milo 安全漏洞

Eclipse Milo is an open source implementation of OPC UA IEC 62541 from the Eclipse Foundation. A security vulnerability exists in Eclipse Milo sdk-server versions prior to 0.6.8, which originates from a denial of service when the memory footprint limit is bypassed by sending multiple CloseSession...

CVE-2022-0480

A flaw was found in the filelockinit in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface POSIX file locks...

node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...