Memory Exhaustion in Expr Parser with Unrestricted Input

Impact If the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression c...

CVE-2025-29786

A flaw was found in Expr. This vulnerability allows excessive memory usage and potential out-of-memory OOM crashes via unbounded input strings, where a malicious or inadvertent large expression can cause the parser to construct an extremely large Abstract Syntax Tree AST, consuming excessive...

DEBIAN-CVE-2025-29786

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees ASTs. An attacker can crash...

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

CVE-2025-29786 Memory Exhaustion in Expr Parser with Unrestricted Input

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...

CVE-2025-29786

CVE-2025-29786 concerns the Expr expression parser (Go). Prior to 1.17.0, unbounded input can cause the parser to build an excessively large AST, leading to high memory usage or an OOM crash. The issue is mitigated by a patch in 1.17.0 that enforces node budget and memory limits during parsing. R...

xorg: xwayland: Use of uninitialized pointer in compRedirectWindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...

btrfs: avoid NULL pointer dereference if no valid extent tree

...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. An attacker with create pod permission could access local git repositories belonging to other pods on the same node by exploiting this vulnerability. Notes: 1 This is only exploitable if the cluster still uses...

DEBIAN-CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfsrundelallocrange failed BUG When running btrfs with block size 4K smaller than page size 64K, aarch64, there is a very high chance to crash the kernel at generic/750, with the following...

Malicious code in nodes-tree-visualizer-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2268ec6364a3c145eaefc143677f3caf0d603a4fb921c9d8ed782d3133687a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a

...

SUSE CVE-2024-58058

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c-zroot.znode = NULL, then dumping tnc tree will access c-zroot.znode which cause null pointer dereference...

DEBIAN-CVE-2024-58082

In the Linux kernel, the following vulnerability has been resolved: media: nuvoton: Fix an error check in npcmvideoeceinit When function offinddevicebynode fails, it returns NULL instead of an error code. So the corresponding error check logic should be modified to check whether the return value ...

AZL-59139 CVE-2024-58058 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c-zroot.znode = NULL, then dumping tnc tree will access c-zroot.znode which cause null pointer dereference...

UBUNTU-CVE-2024-58058

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c-zroot.znode = NULL, then dumping tnc tree will access c-zroot.znode which cause null pointer dereference...

CVE-2024-58058 ubifs: skip dumping tnc tree when zroot is null

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c-zroot.znode = NULL, then dumping tnc tree will access c-zroot.znode which cause null pointer dereference...

CVE-2024-58058 ubifs: skip dumping tnc tree when zroot is null

In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c-zroot.znode = NULL, then dumping tnc tree will access c-zroot.znode which cause null pointer dereference...