
17 matches found

ATTACKERKB
added 2026/05/27 4:31 p.m. ‱ 6 views

CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

6.2 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/04/16 12:0 a.m. ‱ 1 views

PT-2026-33373

Name of the Vulnerable Software and Affected Versions: openCryptoki versions prior to 3.26.1. Description: The BER/DER decoding functions in the shared common library asn1.c accept a raw pointer without a buffer length parameter and trust attacker-controlled BER length fields without validating them...

6.8 CVSS, 6 AI score, 0.00019 EPSS
Exploits 1, References 6

Packet Storm News
added 2025/11/02 12:0 a.m. ‱ 2 views

Towards Ultra-Low Latency: Binarized Neural Network Architectures for In-Vehicle Network Intrusion Detection

The Control Area Network (CAN) protocol is essential for in-vehicle communication, facilitating high-speed data exchange among Electronic Control Units (ECUs). However, its inherent design lacks robust security features, rendering vehicles susceptible to cyberattacks. While recent research has...

7.2 AI score
Exploits 0

EUVD
added 2025/10/07 7:31 p.m. ‱ 1 views

EUVD-2025-32887

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocation inside ION-DTN 4.1.3s, leading to receiver thread termination and a Denial-of-Service (DoS). The...

7.5 CVSS, 6.5 AI score, 0.00075 EPSS
Exploits 0, References 2

RedHat Linux
added 2025/08/26 7:36 a.m. ‱ 5 views

gdk‑pixbuf: Heap‑buffer‑overflow in gdk‑pixbuf

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory,...

7.5 CVSS, 6.3 AI score, 0.00938 EPSS
Exploits 0, References 5

CNNVD
added 2025/01/14 12:0 a.m. ‱ 1 views

SwiftASN1 Security Vulnerability

SwiftASN1 is an open source ASN.1 implementation of Swift by Apple. A security vulnerability exists in SwiftASN1 versions prior to 1.3.0 that stems from incorrect assumptions about the form of an object when parsing certain BER/DER constructs, which triggers a precondition failure when these...

7.5 CVSS, 6.4 AI score, 0.00215 EPSS
Exploits 0, References 2

RedHat Linux
added 2024/11/12 10:28 a.m. ‱ 0 views

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

7.5 CVSS, 6.6 AI score, 0.00306 EPSS
Exploits 0, References 8

OSV
added 2024/10/09 2:34 p.m. ‱ 4 views

GHSA-PFR9-2P92-QRHQ Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

6.8 CVSS, 5.9 AI score
Exploits 0, References 4

Github Security Blog
added 2024/10/09 2:34 p.m. ‱ 8 views

Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

5.9 AI score
Exploits 0, References 4, Affected Software 1

Spring Engineering
added 2022/10/24 7:0 a.m. ‱ 83 views

This Week in Spring - October 25th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! I'm in sunny Singapore, then off to Malaysia and Thailand. It's the first time I've been to any of these places since 2019! How good it is to be...

4.8 AI score, 0.00416 EPSS
Exploits 0

Vulnrichment
added 2022/09/02 12:15 p.m. ‱ 4 views

CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

8.8 CVSS, 8.8 AI score, 0.00584 EPSS
Exploits 1, References 3

OSV
added 2022/09/02 12:15 p.m. ‱ 18 views

CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

8.8 CVSS, 7.8 AI score, 0.00584 EPSS
Exploits 1, References 5

Snyk
added 2022/07/01 8:11 p.m. ‱ 2 views

Infinite loop

Overview: std/encoding/binary is a Go standard library package. Affected versions of this package are vulnerable to Infinite loop. Go Vulnerability Report: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs. Certain invalid inputs to ReadUvarint ...

8.7 CVSS, 6.7 AI score, 0.00147 EPSS
Exploits 0, References 3

OSV
added 2020/08/06 6:15 p.m. ‱ 23 views

CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs...

7.5 CVSS, 6.8 AI score
Exploits 0, References 15

OSV
added 2016/05/02 10:59 a.m. ‱ 0 views

UBUNTU-CVE-2016-2053

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c...

4.7 CVSS, 6.7 AI score, 0.00065 EPSS
Exploits 0, References 3

Fedora
added 2013/07/23 1:2 a.m. ‱ 12 views

[SECURITY] Fedora 18 Update: nodejs-hoek-0.9.1-1.fc18

This package contains some general purpose Node.js utilities, including utilities for working with objects, timers, binary encoding/decoding, escaping characters, errors, and loading files...

3.3 CVSS, 2.4 AI score, 0.00104 EPSS
Exploits 0

securityvulns
added 2003/03/12 12:0 a.m. ‱ 33 views

Clearswift MAILsweeper protection bypass

If the MIME-Version header is missing or binary encoding is used, attachments are not recognized...

2.4 AI score
Exploits 0, References 2, Affected Software 1