14 matches found
EUVD-2024-34242
Malicious code in bioql PyPI...
EUVD-2023-3140
Malicious code in bioql PyPI...
Combating Reentrancy Bugs on Sharded Blockchains
Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular general...
CVE-2024-11991
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the...
CVE-2024-11991
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the...
CVE-2024-11991
The CVE-2024-11991 entry concerns Motoko’s incremental garbage collector, where an uninitialized memory access arises from incorrect use of write barriers in a few locations. Documents confirm the vulnerability affects Motoko and that exploitation requires enabling non-default features (the incre...
CVE-2024-11991 Uninitialized memory access in Motoko incremental garbage collector
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the...
CVE-2024-11991 Uninitialized memory access in Motoko incremental garbage collector
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the...
Motoko security vulnerability
Motoko is a secure, simple, actor-based programming language open-sourced by DFINITY for building Internet Computer (ICP) canister smart contracts. Motoko has a security vulnerability that stems from the incremental garbage collector containing an uninitialized memory access error...
PT-2024-17386 · Motoko · Motoko
Name of the Vulnerable Software and Affected Versions: Motoko affected versions not specified Description: The incremental garbage collector in Motoko is affected by an uninitialized memory access bug. This issue is caused by the incorrect use of write barriers in a few locations, potentially...
CVE-2023-6245
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
UBUNTU-CVE-2023-6245
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
Design/Logic Flaw
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
@cameronhunter/jest-json-schema (=2.1.0), @limedocs/core (>=1.0.0-beta.1 <=1.0.0-beta.13) +3 more potentially affected by unknown CVE via url-relative (=1.0.0)
url-relative NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on url-relative and may be impacted: - @cameronhunter/jest-json-schema =2.1.0 - @limedocs/core =1.0.0-beta.1, =0.9.0, =0.16.16 Source cves: unknown CVE Source advisory:...