2521 matches found
PT-2025-29948 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9. Description: The lastIndexOf(bytes,byte,uint256) function within the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer length is...
zlib: Out-of-bound pointer arithmetic in inftrees.c
A vulnerability was discovered in the inftrees.c file of zlib. Pointer arithmetic operations violate the C standard by subtracting an offset from an array pointer before its allocated memory, leading to undefined behavior...
static-alloc vulnerability leads to uninitialized read after allocating MemBump
The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocated...
Uninitialized read after allocating MemBump
The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...
RUSTSEC-2025-0042 Uninitialized read after allocating MemBump
The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...
PT-2025-30366 · Crates.Io · Static-Alloc
The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocated...
PT-2025-30314 · Crates.Io · Static-Alloc
The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...
SUSE CVE-2025-38277
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret. If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...
CVE-2025-38277
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret. If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...
CVE-2025-38277
CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...
CVE-2025-38277 mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret. If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...
zlib: Out-of-bound pointer arithmetic in inftrees.c
A vulnerability was discovered in the inftrees.c file of zlib. Pointer arithmetic operations violate the C standard by subtracting an offset from an array pointer before its allocated memory, leading to undefined behavior...
PT-2025-32998
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27; ImageMagick versions prior to 7.1.2-1. Description: ImageMagick is a free and open-source software suite for editing and manipulating digital images. A function-type-mismatch exists in the splay tree...
CVE-2025-38230
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes. Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashes
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount() to prevent crashes. Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2025-38230
CVE-2025-38230 concerns the Linux kernel’s JFS subsystem. The issue arises from not validating AG parameters in dbMount(), allowing corrupted metadata to reach dbAllocAG and cause crashes. A UBSAN shift-out-of-bounds occurs in fs/jfs/jfs_dmap.c:1400 during dbAllocAG, as demonstrated by the trace ...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a TOCTOU race condition leading to undefined behavior...
OESA-2025-1692 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one ...
OESA-2025-1691 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one ...