50 matches found
AZL-35669 CVE-2024-24786 affecting package packer for versions less than 1.9.5-3
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35099 CVE-2023-48795 affecting package packer for versions less than 1.9.5-1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-13586 CVE-2023-0475 affecting package packer for versions less than 1.8.7-1
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...
SUSE CVE-2020-27788
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service...
AZL-40841 CVE-2022-3064 affecting package packer for versions less than 1.9.5-1
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
Hashicorp Packer 安全漏洞
HashiCorp Hashicorp Packer is a free and open source tool from the US company HashiCorp. It is used to create gold images for multiple platforms from a single source configuration. A security vulnerability exists in Hashicorp Packer versions prior to 2.3.1, which stems from the fact that the...
UPX 缓冲区错误漏洞
UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A heap buffer overflow vulnerability exists in UPX version 4.0.0. The vulnerability stems from an imperfect check in plxelf.cpp. No detailed vulnerability details are...
CVE-2019-19689
Trend Micro HouseCall for Home Networks versions below 5.3.0.1063 could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses...