pg-native and libpq vulnerable to uncontrolled resource consumption

pg-native before 3.0.1 and libpq before 1.8.10 are vulnerable to Denial of Service DoS when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in turn has the addons...

CVE-2022-25852

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service DoS when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in...

Design/Logic Flaw

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service DoS when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in...

CVE-2022-25852 Denial of Service (DoS)

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service DoS when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in...

CVE-2022-25852

The CVE-2022-25852 issue affects pg-native and libpq bindings for Node.js, causing Denial of Service when addons cast the second argument to an array and fail. Affected versions: pg-native prior to 3.0.1 and libpq prior to 1.8.10. The DoS condition occurs for every non-array argument passed. Reme...

CVE-2022-25852

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service DoS when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in...

PT-2022-17569 · Npm · Libpq +1

Name of the Vulnerable Software and Affected Versions: pg-native versions prior to 3.0.1 libpq versions prior to 1.8.10 Description: The issue is related to a Denial of Service DoS condition that occurs when the addons attempt to cast the second argument to an array and fail. This happens for eve...

Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...

npm pg-native 代码问题漏洞

npm pg-native is a high-performance native binding between node.js and PostgreSQL from US-based npm, using a simple API via libpq. A code issue vulnerability exists in pg-native that stems from the plugin's susceptibility to a denial of service DoS when it attempts to convert the second parameter...

gogo

gogo blog posts. - https://chainreactors.github.io/wiki/blog...

Security 101: Cloud-native Virtual Patching

Learn about the challenges faced when implementing a vulnerability and patch management policy and how does cloud-native virtual patching can help...

USN-5479-1 php7.2, php7.4, php8.0, php8.1 vulnerabilities

Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pgqueryparams function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-31625 Charles Fol discovered that...

PT-2022-14430 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12L Description: In the getAppSize function of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution...

Apache Hadoop 路径遍历漏洞

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...

GHSA-RMPJ-7C96-MRG8 Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher...

CVE-2022-29225

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed...

Design/Logic Flaw

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions. continueDecoding shouldn’t eve...

Design/Logic Flaw

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a loc...

Authentication flaw

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...