FreeBSD : PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections (9b973e97-0a99-11e7-ace7-080027ef73ec)

Simon G. Tatham reports : Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the sshagentchanneldata function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...

kernel: State machine confusion bug in vfio driver leading to memory corruption

A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution...

kernel: State machine confusion bug in vfio driver leading to memory corruption

A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution...

MGASA-2017-0057 Updated gtk-vnc packages fix security vulnerability

It was found that gtk-vnc code does not properly check boundaries of subrectangle-containing tiles. A malicious server can use this to overwrite parts of the client memory CVE-2017-5884. In addition, the vncconnectionservermessage and vnccolormapset functions do not check for integer overflow...

Denial Of Service (DoS) Through Memory Overwrite

OepnSSL is vulnerable to denial of service DoS attacks through memory overwrite and client application crash. If a multithreaded client connects to a malicious server using a resumed session, it is possible to trigger a race condition in the sslparseserverhellotlsext function which allows an...

PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections

Simon G. Tatham reports: Many versions of PuTTY prior to 0.68 have a heap-corrupting integer overflow bug in the sshagentchanneldata function which processes messages sent by remote SSH clients to a forwarded agent connection. ... This bug is only exploitable at all if you have enabled SSH agent...

CVE-2016-8440

Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR1036747...

Buffer overflow

Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR1036747...

CVE-2016-8440

CVE-2016-8440 details (Android kernel 3.18): A buffer overflow in the SMMU system call, caused by improper input validation in the ADSP SID2CB system call, may lead to hypervisor memory overwrite. The vulnerability affects Android on Kernel 3.18 and is described with a high-severity impact (poten...

DEBIAN-CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

Out-of-bounds

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

UBUNTU-CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability...

UBUNTU-CVE-2016-2123

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndrpulldnspname contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndrpulldnspname parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute ov...

CVE-2016-8632

A flaw was found in the TIPC networking subsystem which could allow for memory corruption and possible privilege escalation. The flaw involves a system with an unusually low MTU 60 on networking devices configured as bearers for the TIPC protocol. An attacker could create a packet which will...

OOB write via unchecked multiplication

In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc insize 4 / 3 + 4 On systems with 32-bit addresses in userspace e.g. x86, ARM, x32, the multiplication in the expression wraps around if insize is at least 1GB of data. If this...

CURL-CVE-2016-8617 OOB write via unchecked multiplication

In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc insize 4 / 3 + 4 On systems with 32-bit addresses in userspace e.g. x86, ARM, x32, the multiplication in the expression wraps around if insize is at least 1GB of data. If this...

[SECURITY] [DLA DLA-647-1] freeimage security update

Package : freeimage Version : 3.15.1-1.1+deb7u1 CVE ID : CVE-2016-5684 Debian Bug : 839827 It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file...