18 matches found
EUVD-2025-14947
Malicious code in bioql PyPI...
EUVD-2022-4611
Malicious code in bioql PyPI...
CVE-2025-47436
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
AZL-61829 CVE-2025-47436 affecting package orc 0.4.31-4
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
AZL-61836 CVE-2025-47436 affecting package orc 0.4.39-2
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...
CVE-2025-47436
CVE-2025-47436 (Apache ORC) : A heap-based buffer overflow found in the ORC C++ LZO decompression logic. Malformed ORC files can cause the decompressor to allocate a 250-byte buffer but copy 295 bytes, causing memory corruption. Affected versions (as documented): 1.8.0–1.8.8; 1.9.0–1.9.5; 2.0.0–2...
Apache ORC 安全漏洞
Apache ORC is a high-performance columnar storage format from the Apache Foundation, designed for the Hadoop ecosystem to optimize big data query and analysis performance. A security vulnerability exists in Apache ORC 2.1.1 and earlier versions, which stems from a heap buffer overflow in the LZO...
PT-2025-21026 · Apache · Apache Orc
Name of the Vulnerable Software and Affected Versions: Apache ORC versions 1.8.0 through 1.8.8 Apache ORC versions 1.9.0 through 1.9.5 Apache ORC versions 2.0.0 through 2.0.4 Apache ORC versions 2.1.0 through 2.1.1 Description: A Heap-based Buffer Overflow vulnerability has been identified in the...
Apache ORC vulnerable to Uncontrolled Recursion
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...
Advisory ROSA-SA-2021-1941
Software: orc 0.4.26 OS: Cobalt 7.9 CVE-ID: CVE-2018-8015 CVE-Crit: HIGH CVE-DESC: In Apache ORC 1.0.0-1.4.3, a corrupted ORC file can trigger an infinitely recursive function call in a C ++ or Java parser. The consequence of this error is likely to be a denial of service for software that uses t...
CVE-2018-8015
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...
CVE-2018-8015
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...
CVE-2018-8015
In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the...