11 matches found
CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`
parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...
GO-2026-5609 OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) in github.com/openbao/openbao
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction DoS in github.com/openbao/openbao...
OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Summary ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...
GHSA-R65V-XGWC-G56J OpenBao: Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
Summary ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. An attacker who controls or compromises the OCI registry referenced in the victim's...
CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...
CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...
CVE-2026-39396
OpenBao is vulnerable to a DoS via a decompression bomb in its OCI plugin extraction. Before version 2.5.3, ExtractPluginFromImage() streams decompressed tar data with no upper bound, using io.Copy without size checks. If an attacker controls the OCI registry, they can serve a crafted image that ...
CVE-2026-22184
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...
CVE-2004-0891
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer...
xshisen -- local buffer overflows
Steve Kemp has found buffer overflows in the handling of the command line flag -KCONV and the XSHISENLIB environment variable. Ulf Härnhammer has detected an unbounded copy from the GECOS field to a char array. All overflows can be exploited to gain group games privileges...
gaim -- buffer overflow in MSN protocol support
Due to a buffer overflow in the MSN protocol support for gaim 0.79 to 1.0.1, it is possible for remote clients to do a denial-of-service attack on the application. This is caused by an unbounded copy operation, which writes to the wrong buffer...