26 matches found
CVE-2026-55517 Deno: Denial of service via non-ASCII bytes in WebSocket response headers
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response...
CVE-2026-55517
CVE-2026-55517 affects Deno prior to 2.7.5, where a client WebSocket handshake could crash the process if the server returned non-ASCII bytes in Sec-WebSocket-Protocol or Sec-WebSocket-Extensions headers. The root cause is parsing those headers as ASCII strings, triggering a panic when non-printa...
Deno: Denial of service via non-ASCII bytes in WebSocket response headers
Summary A Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-WebSocket-Protocol and Sec-WebSocket-Extensions response headers in a way that assumed their bytes were always printable ASCI...
CVE-2026-42544 Granian: Unauthenticated DoS via WebSocket subprotocol header panic
Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protocol header contains non-ASCII bytes. The crash happens in Granian's WebSocket scope construction...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
CVE-2026-22858 FreeRDP has a global-buffer-overflow in crypto_base64_decode
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...
CVE-2026-22858
CVE-2026-22858 affects FreeRDP prior to 3.20.1, where a global-buffer-overflow can occur in the Base64 decoding path due to implementation‑defined char signedness causing out‑of‑bounds access. The vulnerability is fixed in 3.20.1; multiple advisories (SUSE/SLES/OpenSUSE/Fedora) reference updating...
EUVD-2024-54400
Malicious code in bioql PyPI...
SUSE-SU-2025:20532-1 Security update for perl
This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow when transliterating non-ASCII bytes bsc1241083 - CVE-2025-40909: Fixed a working directory race condition causing file operations to target unintended paths bsc1244079...
Important: Red Hat Security Advisory: perl security update
An update for perl is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
A flaw was found in Perl. This vulnerability allows a heap buffer overflow, which can lead to denial of service and potential arbitrary code execution on platforms that lack sufficient defenses via specially crafted input to the tr/// transliteration operator containing non-ASCII bytes on the...
ALSA-2025:7500 Important: perl security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes CVE-2024-56406 For more details about the...
Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
...
CVE-2024-56406
A flaw was found in Perl. This vulnerability allows a heap buffer overflow, which can lead to denial of service and potential arbitrary code execution on platforms that lack sufficient defenses via specially crafted input to the tr/// transliteration operator containing non-ASCII bytes on the...
USN-7434-1 perl vulnerability
It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code...
AZL-60409 CVE-2024-56406 affecting package perl for versions less than 5.38.2-507
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...