297 matches found
kernel: scsi: smartpqi: Correct device removal for multi-actuator devices
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...
kernel: scsi: smartpqi: Correct device removal for multi-actuator devices
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...
AZL-78952 CVE-2022-41724 affecting package golang 1.25.7-1
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
CVE-2022-41724
CVE-2022-41724 describes a vulnerability where large TLS handshake records may cause panics in crypto/tls implementations. Affected are Go TLS clients (including TLS1.3 and TLS1.2 with session resumption) and TLS1.3 servers that request client certificates. Technical cause is panics when construc...
CVE-2022-41724 Panic on large handshake records in crypto/tls
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
GO-2023-1558 Denial of service via malformed size parameters in github.com/ipfs/go-bitfield
When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happens when the size is a not a multiple of 8 or is negative. A workaround is to ensure size%8 == 0 && size = 0 yourself before calling NewBitfield or FromBytes...
GO-2023-1557 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs
Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus "fanout" parameter in the HAMT directory nodes. A workaround is to not feed untrusted user data to th...
Denial of service via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...
GHSA-Q264-W97Q-Q778 Denial of service via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...
GHSA-4GJ3-6R43-3WFC IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...
GHSA-2H6C-J3GF-XP9R IPFS go-bitfield vulnerable to DoS via malformed size arguments
Impact When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8 or is negative. There were already a note in the NewBitfield documentation: Panics if size is not a multiple ...
CVE-2023-23626
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...
Design/Logic Flaw
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...
CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...
PT-2023-19085 · Go-Unixfs · Go-Unixfs
Name of the Vulnerable Software and Affected Versions: go-unixfs versions prior to 0.4.3 Description: The issue is caused by trying to read malformed HAMT sharded directories, which can lead to panics and virtual memory leaks. If untrusted user input is being read, an attacker can trigger a panic...
go-unixfsnode 资源管理错误漏洞
go-unixfsnode is an IPLD ADL that provides string-based paths for protobuf nodes. A resource management error vulnerability exists in go-unixfsnode versions prior to 1.5.2, which stems from an attempt to read an incorrectly formatted HAMT slice directory that could lead to panic and virtual memor...