4172 matches found

Veracode · added 2023/07/20 10:19 a.m. · 16 views

Buffer Overflow

libasn1c.so is vulnerable to a stack-based buffer overflow. The vulnerability is due to the vulnerable function genhashget, which results in a segmentation fault that crashes the application while processing ASN.1 module files and producing the C++ compatible C source code which can be used to...

CVSS 5.5 · AI score 7.1 · EPSS 0.00043
Exploits: 1 · References: 1 · Affected software: 1
Veracode · added 2023/07/12 12:22 p.m. · 25 views

Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS) attacks. A deadlock is introduced when serializing the struct PeerState to JSON when the new method MarshallJSON is used. One way is via logs, putting the consensus module to debug level, and changing the output format to JSON. O...

CVSS 5.3 · AI score 6.9 · EPSS 0.00064
Exploits: 1 · References: 7 · Affected software: 1
IBM Security Bulletins · added 2023/07/08 8:08 p.m. · 28 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary: There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details: CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a...

CVSS 5.9 · AI score 6.8 · EPSS 0.00127
Exploits: 0 · Affected software: 1
OSV · added 2023/07/06 8:13 p.m. · 13 views

GO-2023-1882 Deadlock in github.com/cometbft/cometbft/consensus

An internal modification to the way PeerState is serialized to JSON introduced a deadlock when the new function MarshalJSON is called. This function can be called in two ways. The first is via logs, by setting the consensus logging module to "debug" level which should not happen in production, an...

CVSS 5.3 · AI score 4.5 · EPSS 0.00064
Exploits: 1 · References: 4
IBM Security Bulletins · added 2023/07/06 4:47 p.m. · 29 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.

Summary: There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in Jan 2023; App Connect Professional has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-21830...

CVSS 5.3 · AI score 5.6 · EPSS 0.00127
Exploits: 0 · Affected software: 1
OSV · added 2023/07/05 9:33 p.m. · 17 views

GHSA-MVJ3-QRQH-CJVR CometBFT PeerState JSON serialization deadlock

Impact: An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is called. This function can be called from two places: 1. Via logs. Setting the consensus logging module to "debug" level should not happen in production, and...

CVSS 5.3 · AI score 4.5 · EPSS 0.00064
Exploits: 1 · References: 6
Github Security Blog · added 2023/07/05 9:33 p.m. · 20 views

CometBFT PeerState JSON serialization deadlock

Impact: An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is called. This function can be called from two places: 1. Via logs. Setting the consensus logging module to "debug" level should not happen in production, and...

CVSS 5.3 · AI score 6.6 · EPSS 0.00064
Exploits: 1 · References: 6 · Affected software: 1
NVD · added 2023/07/03 5:15 p.m. · 10 views

CVE-2023-34450

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is...

CVSS 5.3 · AI score 4.5 · EPSS 0.00064
Exploits: 1 · References: 4
Prion · added 2023/07/03 5:15 p.m. · 45 views

Format string

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is...

CVSS 5 · AI score 5.2 · EPSS 0.00064
Exploits: 1 · References: 4 · Affected software: 1
CVE · added 2023/07/03 4:36 p.m. · 43 views

CVE-2023-34450

CometBFT (CVE-2023-34450) describes a deadlock in PeerState JSON serialization introduced by a change in versions 0.34.28 and 0.37.1. The deadlock can be triggered either by logging to JSON (consensus module set to debug) or by the RPC dump_consensus_state, potentially halting the node. The issue...

CVSS 5.3 · AI score 4.6 · EPSS 0.00064
Exploits: 1 · References: 4 · Affected software: 1
Vulnrichment · added 2023/07/03 4:36 p.m. · 12 views

CVE-2023-34450 CometBFT PeerState JSON serialization deadlock

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is...

CVSS 3.7 · AI score 6.6 · EPSS 0.00064
Exploits: 1 · References: 4
Cvelist · added 2023/07/03 4:36 p.m. · 15 views

CVE-2023-34450 CometBFT PeerState JSON serialization deadlock

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is...

CVSS 3.7 · AI score 5.4 · EPSS 0.00064
Exploits: 1 · References: 4
Positive Technologies · added 2023/07/03 12:00 a.m. · 2 views

PT-2023-24886 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions 0.34.28 through 0.34.28; CometBFT versions 0.37.1 through 0.37.1. Description: An internal modification to the way struct PeerState is serialized to JSON introduced a deadlock when the new function MarshallJSON is called. This...

CVSS 5.3 · AI score 5.1 · EPSS 0.00064
Exploits: 1 · References: 11
IBM Security Bulletins · added 2023/06/28 12:18 p.m. · 36 views

Security Bulletin: CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced

Summary: CVE-2023-21830 and CVE-2023-21843 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 5.3 · AI score 5.1 · EPSS 0.00127
Exploits: 0 · Affected software: 1
RedHat Linux · added 2023/06/27 11:28 a.m. · 1 view

jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.0025
Exploits: 1 · References: 4
IBM Security Bulletins · added 2023/06/22 7:29 p.m. · 37 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary: There was a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the Java Technology Edition Quarter...

CVSS 5.3 · AI score 5.3 · EPSS 0.00127
Exploits: 0 · Affected software: 1
IBM Security Bulletins · added 2023/06/22 6:25 p.m. · 23 views

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)

Summary: Java SE is used by IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details: CVEID: CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service...

CVSS 5.3 · AI score 5.2 · EPSS 0.00127
Exploits: 0 · Affected software: 1
IBM Security Bulletins · added 2023/06/20 6:01 p.m. · 36 views

Security Bulletin: IBM Storage Protect is vulnerable to a denial of service attack due to Google Gson (CVE-2022-25647)

Summary: IBM Spectrum Protect uses Google Gson for object serialization and is vulnerable to this attack. Vulnerability Details: CVEID: CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, ...

CVSS 7.7 · AI score 7.5 · EPSS 0.0226
Exploits: 0 · Affected software: 1
GithubExploit · added 2023/06/19 2:36 p.m. · 579 views

Exploit for Deserialization of Untrusted Data in Spip

---- CVE-2023-273...

CVSS 9.8 · AI score 10 · EPSS 0.9312
Exploits: 23
Ubuntu · added 2023/06/19 2:52 a.m. · 75 views

USN-6167-1: QEMU vulnerabilities

It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubunt...

CVSS 8.8 · AI score 6.8 · EPSS 0.00034
Exploits: 1