23 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffe...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing process of Mach-O binaries, specifically when reading size and count fields such as DataSize, DataOffset, Size, Count, and Length without proper validation. An...
EUVD-2026-11329
Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing...
EUVD-2025-208412
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-3171)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3171 advisory. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...
EUVD-2024-0204
Malicious code in bioql PyPI...
shim: out of bounds read when parsing MZ binaries
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...
Denial Of Service (DoS)
cbor2 is vulnerable to Denial of Service DoS. The vulnerability is due to missing exit code checks when computing a cbor2 hash, allowing an attacker to send a sufficiently long object during CBOR binary parsing, resulting in Denial of Service Dos...
CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode SMM binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement DRTM user application memory that may result in a potential denial of service...
AMD System Management Mode 缓冲区错误漏洞
AMD System Management Mode is a system management mode from Ultraviolet Semiconductor AMD. A CPU execution mode. AMD System Management Mode suffers from a buffer error vulnerability that stems from insufficient validation of input when parsing binaries in its System Management Mode SMM could caus...
CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode SMM binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement DRTM user application memory that may result in a potential denial of service...
OESA-2022-2012 protobuf security update
Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...
protobuf-java: potential DoS in the parsing procedure for binary data
A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...
GO-2022-0963 Resource exhaustion in github.com/gagliardetto/binary
A memory allocation vulnerability can be exploited to allocate arbitrarily large slices, which can exhaust available memory or crash the program. When parsing data from untrusted sources of input e.g. the blockchain, the length of the slice to allocate is read directly from the data itself withou...
CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...
protobuf-java: potential DoS in the parsing procedure for binary data
A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...
golang: debug/macho: invalid dynamic symbol table command can cause panic
An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library stdlib and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice array causing a panic when calling...
USN-4326-1: libiberty vulnerabilities
It was discovered that libiberty incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary...
Goblin - An Impish, Cross-Platform Binary Parsing Crate, Written In Rust
Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.31.1. Add to your Cargo.toml dependencies goblin = "0.1" Features awesome crate name zero-copy, cross-platform, endian-aware, ELF64/32 implementation - wow! zero-copy, cross-platform, endian-aware, 32/64 bit Mach-o pars...
MGASA-2018-0035 Updated gdb packages fix security vulnerability
It was discovered that gdb incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service CVE-2016-4491, CVE-2016-6131...