Stack buffer overflow in XML entity parsing

Description Attempting to parse a XML/SVG file containing an !ENTITY with a sufficiently long name into a fixed sized, stack allocated buffer causes an overflow. Proof of Concept ./bin/gcc/gpac -play ./poc-clean.svg poc-clean.svg available here GDB stack smashing detected : terminated Thread 1...

Netatalk 安全漏洞

Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack-based...

Netatalk 安全漏洞

Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that originates when parsing len elements, where the process does not properly validate the length of user-supplied data before...

SUSE SLES15 Security Update : binutils (SUSE-SU-2022:0934-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0934-1 advisory. - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. bsc1192267 This...

CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

OSV-2022-270 Stack-buffer-overflow in fn_ElIn_evaluate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45886 Crash type: Stack-buffer-overflow WRITE 4 Crash state: fnElInevaluate pdfisettransfer GSTR...

CVE-2022-24764 Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

CVE-2022-24764 Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

PT-2022-15866 · Netatalk +3 · Netatalk +3

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists within th...

Huawei Emui and Magic UI video framework stack buffer overflow vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI video framework are vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to impact usability...

Tenda AX12 Buffer Overflow Vulnerability

Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A security vulnerability exists in Tenda AX12 v22.03.01.21, which originates from a stack buffer overflow contained in the function sub422CE4. An attacker can exploit this vulnerability to cause a denial of service DoS via...

RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2022:0829)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0829 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

OSV-2022-237 Stack-buffer-overflow in sc_format_oid

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45459 Crash type: Stack-buffer-overflow READ Crash state: scformatoid dostoredataobject fuzzpkcs15init.c...

CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

CVE-2022-24754

The CVE-2022-24754 entry concerns PJSIP (pjproject) embedded in Ring. A stack-buffer overflow affects PJSIP users that accept hashed digest credentials (data_type PJSIP_CRED_DATA_DIGEST) in versions up to 2.12. The issue is resolved in the master branch and will be included in the next release; u...

The vulnerability of NETGEAR D7000 router’s built-in software arises from buffer overflows in the stack, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of NETGEAR D7000 router’s built-in software arises from buffer overflow on the stack. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

RHEL 8 : .NET Core 3.1 (RHSA-2022:0827)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0827 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVE-2022-24754 Buffer overflow in pjsip

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

RHEL 7 : .NET 5.0 on RHEL 7 (RHSA-2022:0828)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0828 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...