6899 matches found
json-c: Buffer Overflow
Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...
SUSE-SU-2024:2784-1 Security update for curl
This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str bsc1227888...
DEBIAN-CVE-2024-7538
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
OSV-2024-695 Stack-buffer-overflow in gf_vvc_parse_nalu_bs
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70549 Crash type: Stack-buffer-overflow WRITE 4 Crash state: gfvvcparsenalubs gfinspectdumpnaluinternal inspectprocess...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : espeak-ng (SUSE-SU-2024:2632-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2632-1 advisory. - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c bsc1218010 ...
SUSE-SU-2024:2632-1 Security update for espeak-ng
This update for espeak-ng fixes the following issues: - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c bsc1218010 - CVE-2023-49991: Fixed stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c bsc1218006 - CVE-2023-49992: Fixed...
DEBIAN-CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
AZL-47028 CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
AZL-49664 CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
ALPINE-CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...
macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CURL-CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6874 macidn punycode buffer overread
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6874
libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...
CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197
CVE-2024-6197 affects libcurl’s ASN.1 parser (utf8asn1str) where freeing a 4-byte local stack buffer on error can corrupt nearby stack memory depending on the malloc implementation; outcome most often is a crash, with remote exploitation not detailed in the provided documents. Connected sources c...
Internet Bug Bounty: curl: stack-buffer overread during punycode conversions
The vulnerability in libcurl's URL API function curlurlget was discovered, where it performed punycode conversions. When converting a 256-byte domain name, the function read outside of a stack-based buffer, potentially leaking adjacent stack memory as part of the converted string. The flaw was...