9 matches found
CVE-2026-46385
A flaw was found in the Avro array and map decoding logic in Go Avro. The decoder failed to properly stop processing after encountering read errors while iterating over attacker-controlled block-count values, leading to excessive resource consumption. A remote unauthenticated attacker could explo...
CVE-2026-46385
Summary (CVE-2026-46385): iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...
GHSA-W8J3-PQ8G-8M7W iskorotkov/avro: CPU Exhaustion in Decoder
CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration. Summary: The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...
iskorotkov/avro: CPU Exhaustion in Decoder
CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration. Summary: The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...
PT-2026-41800
Name of the Vulnerable Software and Affected Versions: iskorotkov/avro versions prior to 2.33.0; github.com/hamba/avro/v2 versions prior to 2.32.0. Description: Remote, unauthenticated denial-of-service occurs due to CPU exhaustion in the Avro array and map decoders. The issue arises because the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md: Fix for softlockup when the bitmap size is less than the array size. It is reported that for dm-raid10, the command lvextend followed by --syncaction will trigger a softlockup. The error message is as follows: kernel:watchdog...
[SECURITY] Fedora 39 Update: rust-uu_sum-0.0.23-3.fc39
sum uutils display checksum and block counts for input...
[SECURITY] Fedora 40 Update: rust-uu_sum-0.0.23-3.fc40
sum uutils display checksum and block counts for input...
bitcoind/Bitcoin-Qt Denial of Service
Bitcoin is an electronic currency created with open source P2P software. Unspecified vulnerabilities in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 can be exploited by a remote attacker to cause a denial of service blocking-processing...