1399 matches found

Positive Technologies
added 2019/12/06 12:0 a.m., 7 views

PT-2019-4482

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1 through 1.1.1d; OpenSSL versions 1.0.2 through 1.0.2t. Description: The issue is related to an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

CVSS 10 | AI score 8.6 | EPSS 0.99999
Exploits 185 | References 242

NVD
added 2019/10/31 9:15 p.m., 36 views

CVE-2018-3983

An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this...

CVSS 8.8 | AI score 8 | EPSS 0.01458
Exploits 1 | References 1

BDU FSTEC
added 2019/10/16 12:0 a.m., 2 views

The vulnerability of the sbrDecodeSingleFramePS function in the Freeware Advanced Audio Decoder 2 (FAAD2) allows an intruder to cause a service failure.

The vulnerability of the sbrDecodeSingleFramePS function in the Freeware Advanced Audio Decoder 2 FAAD2 is related to a pointer arithmetic error, which leads to a memory access that goes beyond the bounds of the memory buffer. Exploiting this vulnerability could allow an attacker to cause a syste...

CVSS 5.5 | AI score 5.5 | EPSS 0.01165
Exploits 1 | References 5 | Affected Software 2

BDU FSTEC
added 2019/10/16 12:0 a.m., 1 views

The vulnerability of the hf_assembly function in the Freeware Advanced Audio Decoder 2 (FAAD2) allows a hacker to trigger a service failure.

The vulnerability of the hf_assembly function in the Freeware Advanced Audio Decoder 2 (FAAD2) is related to a pointer arithmetic error, which leads to a memory access that goes beyond the boundaries of the memory buffer. Exploiting this vulnerability could allow an attacker to cause a system failur...

CVSS 5.5 | AI score 5.5 | EPSS 0.01207
Exploits 1 | References 6 | Affected Software 2

BDU FSTEC
added 2019/10/03 12:0 a.m., 4 views

The vulnerability of the nbd_genl_status function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the nbd_genl_status function (drivers/block/nbd) in the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially created application...

CVSS 4.4 | AI score 5.5 | EPSS 0.00387
Exploits 0 | References 25 | Affected Software 1

BDU FSTEC
added 2019/09/19 12:0 a.m., 2 views

The vulnerability in the drivers/net/wireless/ath/ath6kl/usb.c file of Linux operating systems, related to pointer arithmetic errors, allows a hacker to cause a service failure.

The vulnerability in the drivers/net/wireless/ath/ath6kl/usb.c file of Linux operating systems is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to cause service failures...

CVSS 4.9 | AI score 5.5 | EPSS 0.00721
Exploits 0 | References 44 | Affected Software 5

BDU FSTEC
added 2019/07/23 12:0 a.m., 20 views

The vulnerability of the gpg data encryption tool from the gnupg package, related to errors in pointer arithmetic, allows a perpetrator to trigger a service failure.

The vulnerability of the gpg data encryption tool from the gnupg package is related to errors in pointer arithmetic. Exploiting this vulnerability could allow an attacker to trigger a service failure, by passing a specially crafted file as an argument to the command line...

CVSS 6.2 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/07/23 12:0 a.m., 2 views

The vulnerability of the __strlen_sse2_pminub function in the infotocap utility from the ncurses-bin package allows a hacker to cause a service failure.

The vulnerability of the __strlen_sse2_pminub function located in the file sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:39 in the infotocap utility from the ncurses-bin package is related to errors in pointer arithmetic. Exploiting this vulnerability could allow an attacker to cause a system failure ...

CVSS 6.2 | AI score 5.5
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/07/11 12:0 a.m., 3 views

The vulnerability of the syntax analysis procedure for Python interpreter certificates allows attackers to trigger a service failure.

The vulnerability of the syntax analysis procedure for Python interpreter certificates is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

CVSS 7.5 | AI score 7 | EPSS 0.20743
Exploits 1 | References 12 | Affected Software 13

BDU FSTEC
added 2019/07/11 12:0 a.m., 2 views

The vulnerability in the implementation of the NFS protocol in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the NFS protocol implementation in Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 | AI score 7.3 | EPSS 0.02779
Exploits 0 | References 18 | Affected Software 3

BDU FSTEC
added 2019/07/04 12:0 a.m., 1 views

The vulnerability of Linux operating system kernels, related to pointer arithmetic that goes beyond the allowed values, allows attackers to execute attacks through side channels.

The vulnerability of Linux operating systems’ kernels (kernel/bpf/verifier.c) is related to an offset out of bounds. Exploiting this vulnerability could allow an attacker to execute attacks through secondary channels...

CVSS 5.6 | AI score 7.3 | EPSS 0.00543
Exploits 0 | References 33 | Affected Software 3

BDU FSTEC
added 2019/06/27 12:0 a.m., 2 views

The vulnerability of the lnstat network statistics collection program lies in the lack of checks for the correctness of mathematical operations, which allows a perpetrator to trigger a service failure.

The vulnerability of the lnstat network statistics collection program is related to the lack of checks for the correctness of mathematical operations. Exploiting this vulnerability could allow an attacker to cause the program to terminate abnormally due to a SIGFPE signal, caused by attempting to...

CVSS 4 | AI score 5.5
Exploits 0

OSV
added 2019/05/30 9:45 p.m., 3 views

USN-4001-1 libseccomp vulnerability

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker could use this to bypass intended access restrictions for argument-filtered system calls...

CVSS 9.8 | AI score 6.8 | EPSS 0.03041
Exploits 0 | References 2

Fedora
added 2019/04/17 4:5 p.m., 12 views

[SECURITY] Fedora 30 Update: gnome-calculator-3.32.1-2.fc30

gnome-calculator is a powerful graphical calculator with financial, logical and scientific modes. It uses a multiple precision package to do its arithmetic to give a high degree of accuracy...

AI score 2.8
Exploits 0

BDU FSTEC
added 2019/04/04 12:0 a.m., 3 views

The vulnerability of the libsolv library, related to pointer dereferencing errors, allows a hacker to trigger a service failure.

The vulnerability of the testcase_read function in the libsolv library is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service failures...

CVSS 7.1 | AI score 6.4 | EPSS 0.02146
Exploits 1 | References 6 | Affected Software 2

BDU FSTEC
added 2019/04/04 12:0 a.m., 1 views

The vulnerability of the testcase_str2dep_complex function in the libsolv library allows a hacker to cause a service failure.

The vulnerability of the testcase_str2dep_complex function in the libsolv library (ext/testcase.c) is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.1 | AI score 6.4 | EPSS 0.02164
Exploits 1 | References 6 | Affected Software 2

Tenable Nessus
added 2019/04/04 12:0 a.m., 30 views

EulerOS Virtualization 2.5.3 : zlib (EulerOS-SA-2019-1276)

According to the versions of the zlib packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...

CVSS 9.8 | AI score 7.6 | EPSS 0.07489
Exploits 0 | References 5

BDU FSTEC
added 2019/03/29 12:0 a.m., 2 views

The vulnerability of the Apache OpenOffice office software, related to arithmetic overflow, allows a hacker to trigger a service failure.

The vulnerability of the Apache OpenOffice office software package is related to arithmetic overflow. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created document...

CVSS 7.8 | AI score 7.3 | EPSS 0.01025
Exploits 0 | References 5 | Affected Software 1

Exploit DB
added 2019/03/19 12:0 a.m., 73 views

libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons

When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons (NE, EQ, MASKED_EQ) and arithmetic comparisons (LT, LE, GE, GT). Bitwise comparisons...

AI score 7.4
Exploits 0

exploitpack
added 2019/03/19 12:0 a.m., 14 views

libseccomp 2.4.0 - Incorrect Compilation of Arithmetic Comparisons

When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ,...

AI score 0.2
Exploits 0