2519 matches found
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
GHSA-FQ33-VMHV-48XH ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
Unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
RUSTSEC-2023-0032 Unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
[SECURITY] [DLA 3357-1] imagemagick security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3357-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès March 11, 2023 https://wiki.debian.org/LTS -...
Maligned causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
GHSA-WM8X-PHP5-HVQ6 Maligned causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
SUSE CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox 110...
Medium: ImageMagick
Issue Overview: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file,...
RUSTSEC-2023-0017 `maligned::align_first` causes incorrect deallocation
maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
Mozilla Firefox Code Execution Vulnerability (CNVD-2023-68438)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 110, which stems from an invalid down conversion in GetTableSelectionMode, and can be exploited by attackers to cause undefined...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2023-68437)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 110, which stems from an invalid down conversion in GetTableSelectionMode, and can be exploited by attackers to cause undefined...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 110, which stems from an invalid down conversion in GetTableSelectionMode, and can be exploited by attackers to cause undefined...
Updated firefox packages fix security vulnerability
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled CVE-2023-0767. The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...