Lucene search
+L

26 matches found

OSV
OSV
added 2026/07/06 3:28 p.m.5 views

BIT-PYTHON-MIN-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Use-after-free UAF was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling...

9.1CVSS5.7AI score0.00579EPSS
Exploits0References54
NVD
NVD
added 2026/06/30 10:16 p.m.8 views

CVE-2026-57585

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 9:36 p.m.3 views

CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error

MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 7:40 a.m.10 views

BIT-PYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 7:36 a.m.11 views

BIT-LIBPYTHON-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/08 11:17 p.m.8 views

DEBIAN-CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 10:1 p.m.73 views

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS0.00433EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/08 10:1 p.m.8 views

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS5.2AI score0.00433EPSS
Exploits0References8
CVE
CVE
added 2026/06/08 10:1 p.m.181 views

CVE-2026-9669

The CVE affects Python’s bz2.BZ2Decompressor: objects could be reused after a decompression error, allowing an application that catches OSError and retries with the same decompressor to resume in an invalid internal state and perform out-of-bounds writes to a stack buffer, possibly crashing the p...

8.2CVSS5.4AI score0.00433EPSS
Exploits0References9
OSV
OSV
added 2026/06/08 10:1 p.m.3 views

CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

8.2CVSS6AI score0.00433EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/05/14 11:11 a.m.12 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...

9.1CVSS7.7AI score0.00579EPSS
Exploits0References10
OSV
OSV
added 2026/03/25 10:27 a.m.5 views

CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()

In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbdalbeginiononblock Even though we check that we "should" be able to do lcgetcumulative while holding the device-allock spinlock, it may still fail, if some other code path decided to do lctrylock with...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
NVD
NVD
added 2026/03/05 10:16 p.m.7 views

CVE-2026-28481

OpenClaw versions 2026.1.30 and earlier, contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader optional extension must be enabled that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403...

7.5CVSS0.0026EPSS
Exploits0References3
Amazon
Amazon
added 2026/01/07 12:0 a.m.8 views

Medium: nodejs22

Issue Overview: Use after free due to connection being cleaned up after error CVE-2025-62408 Affected Packages: nodejs22 Issue Correction: Run dnf update nodejs22 --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1347 --releasever 2023.10.20260105 to update your system. More...

5.9CVSS6.9AI score0.00396EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.9 views

PT-2025-33579 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free flaw within the airoha npu get function. The vulnerability occurs because the np-name field is accessed after the associated node has been...

6AI score0.00143EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-38012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: schedext: bpfiterscxdsqnew should always initialize iterator BPF programs may call next and...

5.5CVSS6.2AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:2 a.m.7 views

CVE-2018-13899

Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm...

7.8CVSS7.3AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.16 views

PT-2024-1896 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-mainline-maybe-dirty 1 Description: The issue is related to a use-after-free vulnerability in the class register function. The lock class key is still registered and can be found in lock keys hash hlist...

7.8CVSS6.7AI score0.78388EPSS
Exploits2References472
RedHat Linux
RedHat Linux
added 2023/11/15 5:7 p.m.9 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/10/31 1:9 p.m.6 views

tomcat: improper cleaning of recycled objects could lead to information leak

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
Rows per page
Query Builder