8 matches found
Netty has Unbounded Direct Memory Consumption in its RedisDecoder
Summary: An attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct memory pool (OutOfDirectMemoryError), preventing legitimate connections from being processed. Details: io.netty.handler.codec.redis.RedisDecoder decodes the...
CLSA-2026-1779095842 memcached: Fix of CVE-2021-37519
CVE-2021-37519: heap buffer overflow in `authfile_load` when the auth file lacks a trailing newline; missing bounds check on fgets and missing NUL check in the user-entry parse loop allow local DoS via a crafted --auth-file...
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
...
Linux Distros Unpatched Vulnerability : CVE-2017-9108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r,...
CVE-2023-27600
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the `sipmsgops` module. This issue can be reproduced by calling the function with an SDP...
libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion
A flaw was found in libproxy in versions 0.4 through 0.4.15. A remote HTTP server can trigger an uncontrolled recursion via a response composed of an infinite stream that lacks a newline character leading to a stack exhaustion. The highest threat from this vulnerability is to system availability...
The vulnerability of the `url::recvline` function in the `url.cpp` component of the Libproxy configuration management library involves allowing an operation’s output to be within acceptable buffer data limits. This allows a malicious actor to cause a service failure.
The vulnerability of the `url::recvline` function in the `url.cpp` component of the Libproxy configuration management library is related to incorrect handling of the absence of a newline character. Exploiting this vulnerability could allow an attacker to cause service failures...
AZL-7270 CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...