Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to an Undefined Behavior allowing an attacker to crash the system via a maliciously crafted Input to API...

golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...

OESA-2022-1810 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

vim diff_write_buffer function buffer overflow vulnerability

Vim is a cross-platform text editor. vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diffwritebuffer function. An attacker could exploit this vulnerability to cause a buffer overflow...

CVE-2022-21788

In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728...

CVE-2022-21788

In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728...

CVE-2022-21788

In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728...

CVE-2022-21788

CVE-2022-21788 affects the scp component and is caused by undefined behavior stemming from incorrect error handling. The issue can enable local privilege escalation with system execution privileges; exploitation does not require user interaction. A patch is identified (ALPS06988728/ALPS06988728) ...

golang: crypto/elliptic: IsOnCurve returns true for invalid field elements

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource...

Vim 缓冲区错误漏洞

Vim is a cross-platform text editor. vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diffwritebuffer function. An attacker could exploit this vulnerability to cause a buffer overflow...

Safety issues in `pkcs11`

Impact The interface of pkcs11 is subject to a number of safety issues, mainly related to handling of raw pointers. Despite presenting a safe interface, many of the functions and methods that rely on inputs which contain pointers attributes and mechanisms in particular can lead to segmentation...

USN-5523-1: LibTIFF vulnerabilities

It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. CVE-2022-0907, CVE-2022-0908 It...

Undefined behavior in diff_write_buffer()

Description Undefined behavior. commit hash: 99af91e5820c78a196c9272cd8ce5aa5be7bf374 It may occur heap-buffer-overflow. Proof of Concept Download POC file POC GDB gdb-peda$ r -u NONE -i NONE -n -m -X -Z -e -s -S undefinedpoc -c :qa! 0000089bd31 in diffwritebuffer buf=0x62500000f100, din= at...

Integer Overflow in function lsr_translate_coords

Description Integer Overflow in function lsrtranslatecoords at laser/lsrdec.c:853 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pocintof1s.dat...

Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...

GHSA-X4MQ-M75F-MX8M Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...

Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwvx-c8j7-5g75. This link is maintained to preserve external references. Original Description Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read...

GHSA-6692-8QQF-79JC Duplicate Advisory: `Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwvx-c8j7-5g75. This link is maintained to preserve external references. Original Description Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read...

Optional `Deserialize` implementations lacking validation

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...

Aliased mutable references from `tls_rand` & `TlsWyRand`

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...