PT-2026-47303

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the '/api/v1/origins' endpoint. This issue specifically impacts users who permi...

Cisco Secure Endpoint 安全漏洞

Cisco Secure Endpoint Cisco AMP for Endpoints is a terminal application developed by Cisco, Inc., that integrates static and dynamic malware analysis along with threat intelligence. There is a security vulnerability in Cisco Secure Endpoint, which stems from improper error handling during the...

freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

UBUNTU-CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

UBUNTU-CVE-2022-22895

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecmautf8stringtonumberbyradix in /jerry-core/ecma/base/ecma-helpers-conversion.c...

GPAC 缓冲区错误漏洞

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. a heap buffer overflow vulnerability exists in the ODReadUTF8String function in odfcode.c in GPAC version 0.8.0. An attacker could exploit the vulnerability to cause a denial of service via specially crafted...

UBUNTU-CVE-2020-36317

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

nodejs: memory corruption in napi_get_value_string_* functions

A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...

DEBIAN-CVE-2018-16429

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...

UBUNTU-CVE-2018-16429

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in gmarkupparsecontextparse in gmarkup.c, related to utf8str...

glibc: fnmatch() alloca()-based memory corruption flaw

The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to...

DEBIAN-CVE-2011-1071

The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to...

glibc: fnmatch() alloca()-based memory corruption flaw

Integer overflow in posix/fnmatch.c in the GNU C Library aka glibc or libc6 2.13 and earlier allows context-dependent attackers to cause a denial of service application crash via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than...