1000 matches found

OSV
added 2023/05/01 3:32 a.m. · 9 views

MAL-2023-1320 Malicious code in texture-allocator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 295589602f0c0baf1ed21fb915589780ccee883cf28e0458728a211b840b4bae The OpenSSF Package Analysis project identified 'texture-allocator' @ 99.99.80 npm as malicious. It is considered malicious because: - The packa...

7.1 AI score
Exploits 0
OSV
added 2023/04/27 2:2 p.m. · 8 views

OSV-2023-346 UNKNOWN WRITE in void std::__1::allocator_traits<std::__1::allocator<wabt::interp::HandlerDesc> >

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58344 Crash type: UNKNOWN WRITE Crash state: void std::__1::allocator_traits void std::__1::vector<wabt::interp::HandlerDesc, std::__1::allocator<wabt::inter std::__1::vector<wabt::interp::HandlerDesc, std::__1::allocator<wabt::interp::Ha...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-35798 · Git +1 · Wabt

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an unknown write issue. The crash involves the std::__1::allocator_traits and std::__1::vector functions, specifically with...

7.1 AI score
Exploits 0 · References 2
Tenable Nessus
added 2023/04/26 12:0 a.m. · 37 views

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-35198)

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption...

9.8 CVSS · 8 AI score · 0.01344 EPSS
Exploits 0 · References 5
NVD
added 2023/04/24 4:15 p.m. · 13 views

CVE-2023-24823

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

9.8 CVSS · 9.7 AI score · 0.01527 EPSS
Exploits 0 · References 3
Prion
added 2023/04/24 4:15 p.m. · 21 views

Type confusion

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

7.5 CVSS · 9.6 AI score · 0.01527 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/04/24 3:27 p.m. · 16 views

CVE-2023-24823 RIOT-OS vulnerable to Packet Type Confusion during IPHC send

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

9.8 CVSS · 9.8 AI score · 0.01527 EPSS
Exploits 0 · References 3
NVD
added 2023/04/24 3:15 p.m. · 12 views

CVE-2023-24819

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

9.8 CVSS · 9.8 AI score · 0.01527 EPSS
Exploits 0 · References 3
Prion
added 2023/04/24 3:15 p.m. · 10 views

Out-of-bounds

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

7.5 CVSS · 9.6 AI score · 0.01527 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/04/24 2:42 p.m. · 7 views

CVE-2023-24819 RIOT-OS vulnerable to Buffer Overflow during IPHC receive

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be us...

9.8 CVSS · 9.7 AI score · 0.01527 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/04/24 12:0 a.m. · 2 views

PT-2023-19805 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10 Description: The issue arises from a type confusion between IPv6 extension headers and a UDP header while encoding a 6LoWPAN IPHC header in the network stack. This type confusion results in an out of bounds...

9.8 CVSS · 9.4 AI score · 0.01527 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/04/24 12:0 a.m. · 2 views

PT-2023-19800 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10 Description: The network stack in RIOT-OS, which supports Internet of Things devices, contains a flaw in its ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device, resulting in...

9.8 CVSS · 9.5 AI score · 0.01527 EPSS
Exploits 0 · References 5
OSV
added 2023/04/11 9:15 p.m. · 1 views

CVE-2023-22808

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0...

3.3 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits 0 · References 1
CNNVD
added 2023/04/11 12:0 a.m. · 4 views

ARM Mali GPU Kernel Driver Buffer Error Vulnerability

ARM Mali GPU Kernel Driver is a driver for a graphics processor unit from ARM UK. A security vulnerability exists in the ARM Mali GPU Kernel Driver that originates from an unprivileged user being able to read a small portion of the allocator process memory...

3.3 CVSS · 4.9 AI score · 0.00251 EPSS
Exploits 0 · References 3
Snyk
added 2023/03/01 8:18 a.m. · 1 views

Malicious Package

Overview texture-allocator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

9.8 CVSS · 7.1 AI score
Exploits 0 · References 3
F5 Networks
added 2023/02/21 7:25 p.m. · 33 views

K16946: Boost memory allocator vulnerability CVE-2012-2677

Security Advisory Description: Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to ...

5 CVSS · 9 AI score · 0.00821 EPSS
Exploits 1 · Affected Software 19
SUSE CVE
added 2023/02/15 5:34 a.m. · 2 views

SUSE CVE-2013-5717

The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in...

4.3 CVSS · 7.4 AI score · 0.00205 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an...

6.8 CVSS · 9 AI score · 0.01358 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 5:15 a.m. · 1 views

SUSE CVE-2015-6242

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote...

4.3 CVSS · 6.8 AI score · 0.00569 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:53 a.m. · 0 views

SUSE CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator e.g., via concurrent page fault...

5.5 CVSS · 7.3 AI score · 0.00041 EPSS
Exploits 0 · References 3