Lucene search
+L

297 matches found

OSV
OSV
added 2023/09/15 12:0 p.m.16 views

RUSTSEC-2023-0085 HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.2AI score
Exploits0References4
OSV
OSV
added 2023/09/13 3:31 p.m.16 views

GHSA-6JMW-6MXW-W4JC BER/CER/DER decoder panics on invalid input

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS7.3AI score0.00592EPSS
Exploits0References5
NVD
NVD
added 2023/09/13 3:15 p.m.44 views

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS7.4AI score0.00592EPSS
Exploits0References1
Prion
Prion
added 2023/09/13 3:15 p.m.20 views

Input validation

NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

5CVSS7.4AI score0.00592EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 2:17 p.m.14 views

CVE-2023-39914 BER/CER/DER decoder panics on invalid input

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS6.7AI score0.00592EPSS
Exploits0References1
RustSec
RustSec
added 2023/09/13 12:0 p.m.3 views

BER/CER/DER decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...

7.5CVSS7.1AI score0.00592EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/11 8:43 p.m.13 views

Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

7.4AI score
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/10 12:0 p.m.8 views

RUSTSEC-2023-0057 Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

7.6AI score
Exploits0References3
RustSec
RustSec
added 2023/09/10 12:0 p.m.6 views

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

7.6AI score
Exploits0Affected Software1
Amazon
Amazon
added 2023/08/21 12:0 a.m.5 views

Important: containerd

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct...

9.8CVSS7.6AI score0.04561EPSS
Exploits0
NVD
NVD
added 2023/08/16 11:15 a.m.33 views

CVE-2023-4241

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...

7.5CVSS7.5AI score0.00575EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/16 10:13 a.m.16 views

CVE-2023-4241 lol-html panics on certain HTML inputs

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...

7.5CVSS7.1AI score0.00575EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/16 10:13 a.m.32 views

CVE-2023-4241 lol-html panics on certain HTML inputs

lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected...

7.5CVSS7.7AI score0.00575EPSS
Exploits0References1
OSV
OSV
added 2023/08/09 1:17 p.m.58 views

GHSA-C3X7-354F-4P2X lol-html panics on certain HTML inputs

Impact lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Patches The problem has been patched and released as v1.1.1 Workarounds No workarounds exist...

7.5CVSS7.5AI score0.00575EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/08/09 1:17 p.m.37 views

lol-html panics on certain HTML inputs

Impact lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Patches The problem has been patched and released as v1.1.1 Workarounds No workarounds exist...

7.5CVSS7AI score0.00575EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.11 views

PT-2023-28331 · Lol-Html · Lol-Html

Name of the Vulnerable Software and Affected Versions: lol-html versions prior to 1.1.1 Description: The issue causes panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 to...

7.5CVSS7.4AI score0.00575EPSS
Exploits0References9
Amazon
Amazon
added 2023/08/07 12:0 a.m.3 views

Important: containerd

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct...

9.8CVSS7.6AI score0.04561EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.46 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2268)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.34 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-2292)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.2 views

golang: crypto/tls: large handshake records may cause panics

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...

7.5CVSS6.6AI score0.01111EPSS
Exploits0References8
Rows per page
Query Builder