Lucene search
+L

297 matches found

RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.3 views

kernel: scsi: smartpqi: Correct device removal for multi-actuator devices

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...

5.7AI score0.00198EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.2 views

kernel: scsi: smartpqi: Correct device removal for multi-actuator devices

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...

5.7AI score0.00198EPSS
Exploits0References5
OSV
OSV
added 2023/02/28 6:15 p.m.2 views

AZL-78952 CVE-2022-41724 affecting package golang 1.25.7-1

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.6AI score0.01111EPSS
Exploits0References1
CVE
CVE
added 2023/02/28 5:19 p.m.632 views

CVE-2022-41724

CVE-2022-41724 describes a vulnerability where large TLS handshake records may cause panics in crypto/tls implementations. Affected are Go TLS clients (including TLS1.3 and TLS1.2 with session resumption) and TLS1.3 servers that request client certificates. Technical cause is panics when construc...

7.5CVSS8.8AI score0.01111EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/02/28 5:19 p.m.32 views

CVE-2022-41724 Panic on large handshake records in crypto/tls

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.8AI score0.01111EPSS
Exploits0References8
OSV
OSV
added 2023/02/14 7:41 p.m.40 views

GO-2023-1558 Denial of service via malformed size parameters in github.com/ipfs/go-bitfield

When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happens when the size is a not a multiple of 8 or is negative. A workaround is to ensure size%8 == 0 && size = 0 yourself before calling NewBitfield or FromBytes...

7.5CVSS6.4AI score0.0091EPSS
Exploits1References2
OSV
OSV
added 2023/02/14 7:34 p.m.50 views

GO-2023-1557 Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs

Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus "fanout" parameter in the HAMT directory nodes. A workaround is to not feed untrusted user data to th...

7.5CVSS6.2AI score0.00675EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/02/10 11:8 p.m.21 views

Denial of service via HAMT Decoding Panics

Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...

7.5CVSS7.2AI score0.00675EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/02/10 11:8 p.m.75 views

GHSA-Q264-W97Q-Q778 Denial of service via HAMT Decoding Panics

Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. This include checks returned in ipfs/go-bitfield...

5.9CVSS6.4AI score0.00675EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/02/10 7:54 p.m.29 views

IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics

Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...

7.5CVSS7.2AI score0.00908EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/02/10 7:54 p.m.11 views

GHSA-4GJ3-6R43-3WFC IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics

Impact Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. This includes checks returned in...

7.5CVSS6.4AI score0.00908EPSS
Exploits0References7
OSV
OSV
added 2023/02/10 7:52 p.m.28 views

GHSA-2H6C-J3GF-XP9R IPFS go-bitfield vulnerable to DoS via malformed size arguments

Impact When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8 or is negative. There were already a note in the NewBitfield documentation: Panics if size is not a multiple ...

5.9CVSS6.5AI score0.0091EPSS
Exploits1References5
NVD
NVD
added 2023/02/09 9:15 p.m.37 views

CVE-2023-23626

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

7.5CVSS6.2AI score0.0091EPSS
Exploits1References2
Prion
Prion
added 2023/02/09 9:15 p.m.11 views

Design/Logic Flaw

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

5CVSS7.4AI score0.00675EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/09 8:57 p.m.35 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

5.9CVSS7.6AI score0.00675EPSS
Exploits0References2
OSV
OSV
added 2023/02/09 8:57 p.m.25 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

5.9CVSS7.4AI score0.00675EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/09 8:46 p.m.40 views

CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

5.9CVSS7.5AI score0.00908EPSS
Exploits0References4
OSV
OSV
added 2023/02/09 8:46 p.m.28 views

CVE-2023-23631 HAMT Decoding Panics in github.com/ipfs/go-unixfsnode

github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. In versions priot to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an...

5.9CVSS7.3AI score0.00908EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.3 views

PT-2023-19085 · Go-Unixfs · Go-Unixfs

Name of the Vulnerable Software and Affected Versions: go-unixfs versions prior to 0.4.3 Description: The issue is caused by trying to read malformed HAMT sharded directories, which can lead to panics and virtual memory leaks. If untrusted user input is being read, an attacker can trigger a panic...

7.5CVSS7.1AI score0.00675EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.5 views

go-unixfsnode 资源管理错误漏洞

go-unixfsnode is an IPLD ADL that provides string-based paths for protobuf nodes. A resource management error vulnerability exists in go-unixfsnode versions prior to 1.5.2, which stems from an attempt to read an incorrectly formatted HAMT slice directory that could lead to panic and virtual memor...

7.5CVSS7.2AI score0.00908EPSS
Exploits0References6
Rows per page
Query Builder