297 matches found
RUSTSEC-2023-0085 HPACK decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...
GHSA-6JMW-6MXW-W4JC BER/CER/DER decoder panics on invalid input
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...
CVE-2023-39914
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...
Input validation
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...
CVE-2023-39914 BER/CER/DER decoder panics on invalid input
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...
BER/CER/DER decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
RUSTSEC-2023-0057 Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
Important: containerd
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct...
CVE-2023-4241
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...
CVE-2023-4241 lol-html panics on certain HTML inputs
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...
CVE-2023-4241 lol-html panics on certain HTML inputs
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...
GHSA-C3X7-354F-4P2X lol-html panics on certain HTML inputs
Impact lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Patches The problem has been patched and released as v1.1.1 Workarounds No workarounds exist...
lol-html panics on certain HTML inputs
Impact lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Patches The problem has been patched and released as v1.1.1 Workarounds No workarounds exist...
PT-2023-28331 · Lol-Html · Lol-Html
Name of the Vulnerable Software and Affected Versions: lol-html versions prior to 1.1.1 Description: The issue causes panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 to...
Important: containerd
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2268)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
golang: crypto/tls: large handshake records may cause panics
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...