1404 matches found
GO-2022-0435 Panic due to large inputs affecting P-256 curves in crypto/elliptic
A crafted scalar input longer than 32 bytes can cause P256.ScalarMult or P256.ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected...
Insecure Cryptographic Function
amd64-microcode has insecure cryptographic function. The vulnerable exists due to an insecure cryptographic implementation...
[ASA-202204-4] rizin: multiple issues
Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...
NULL Pointer Dereference
Description There is a NULL Pointer Dereference in mrbvmexec vm.c:1929. This bug has been found on mruby lastest commit hash c2f7ed514dfa0fcae2e7e72d51f25be3d3d6d72c on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1- Clone repo and build with ASAN using MRUBYCONFIG=buildconfig/clang-asan.rb rak...
in mruby/mruby
Description There is a NULL Pointer Dereference in aryconcat array.c:301. This bug has been found on mruby lastest commit hash ecb28f4bf463483cf914c799d086b0cfff997aee on Ubuntu 20.04 for x8664/amd64. Proof of Concept The crash is not reproducible in a debug build, so a release build config must ...
in mruby/mruby
Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 00f2b74ab2c1f03084908c815dcd0934f9fc702a on Ubuntu 20.04 for x8664/amd64. Proof of Concept 3.timese=0," =c= y:0,0 0" Steps to reproduce 1- Clone repo and build wit...
in mruby/mruby
Description There is a NULL Pointer Dereference in ivfree src/variable.c:232:20. This bug has been found on mruby lastest commit hash 31fa3304049fc406a201a72293cce140f0557dca on Ubuntu 20.04 for x8664/amd64. Proof of Concept 6.times3.times%until-break b= 0,m:0 s=0 Steps to reproduce 1- Clone repo...
in mruby/mruby
Description There is a NULL Pointer Dereference in preparesingletonclass src/class.c:360:13. This bug has been found on mruby lastest commit hash 171d32c0071d776207174a40a8fa26def3dbb931 on Ubuntu 20.04 for x8664/amd64. Proof of Concept 1.timesb= a=0 0,m:0 c=0=0,nil=nil0 def mend def c.eend Steps...
Rizin buffer overflow vulnerability
Rizin is a free open source reverse engineering framework from the Rizin organization. It is used to analyze binaries, disassemble code, debug programs, as a forensic tool, as a command-line hex editor that can open disk files that can be scripted, etc. Rizin 0.3.1 and earlier versions have a...
CVE-2021-43814
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...
CVE-2021-43814
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...
Heap overflow
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...
CVE-2021-43814
CVE-2021-43814 affects Rizin up to version 0.3.1, with a heap-based out-of-bounds write in parse_die() when reversing AMD64 ELF binaries with DWARF info. This can allow a malicious binary to cause a crash or arbitrary actions and potentially code execution. Upstream remediation is available in 0....
kernel security, bug fix, and enhancement update
4.18.0-305.25.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
New Linux kernel memory corruption bug causes full system compromise
By Waqas Researchers dubbed it a "straightforward Linux kernel locking bug" that they exploited against Debian Buster's 4.19.0.13-amd64 kernel. This is a post from HackRead.com Read the original post: New Linux kernel memory corruption bug causes full system compromise...
[SECURITY] [DLA 2743-2] amd64-microcode update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2743-2 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 18, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2743-1 : amd64-microcode - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2743 advisory. It was discovered that systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an...
DLA-2743-2 amd64-microcode - regression update
Bulletin has no description...
DLA-2743-1 amd64-microcode - security update
Bulletin has no description...
Debian: Security Advisory (DLA-2743)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...