GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

OSV-2026-816 Heap-buffer-overflow in md_process_all_blocks

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=516422428 Crash type: Heap-buffer-overflow READ Crash state: mdprocessallblocks mdparse mdhtml...

PT-2026-44146

Description SymfonyComponentYamlParser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Corrected the incorrect validation of the next buffer length in smb2setea. There are multiple smb2eainfo buffers in the FILEFULLEAINFORMATION request from the client. ksmbd uses the NextEntryOffset of the current...

OSV-2026-717 Stack-use-after-scope in enter_block_callback

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511831392 Crash type: Stack-use-after-scope READ 4 Crash state: enterblockcallback mdprocessallblocks mdparse...

Security Bulletin: Highlight.js Prototype Pollution Vulnerability in Code Block Parsing, affects watsonx.data

Summary Highlight.js versions prior to 9.18.2 and 10.1.2 are vulnerable to prototype pollution via malicious HTML in user-supplied code blocks. This can cause unexpected application behavior or crashes, representing a potential DoS vector. This can affect watsonx.data. Vulnerability Details...

CVE-2025-61910

The CVE-2025-61910 issue affects NASA ION-DTN (BPv7) 4.1.3s. A malformed CBOR extension block in a BPv7 bundle can trigger uncontrolled memory allocation during parsing: the extension block’s fifth element (a byte string) is mishandled, and an unsigned blockLength is converted to a 32‑bit signed ...

CVE-2023-40294

libboron in Boron 2.0.8 has a heap-based buffer overflow in urparseBlockI at iparseblk.c...

USN-6012-1 smarty3 vulnerability

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. CVE-2022-29221...

Witness Block Parsing DoS Vulnerability

Impact All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on...

GHSA-HC82-W9V8-83PR Witness Block Parsing DoS Vulnerability

Impact All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on...

Design/Logic Flaw

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

Lightning Network Daemon 输入验证错误漏洞

Lightning Network Daemon LND is a software for a complete implementation of Lightning Network nodes by the Lightningnetwork team. The software belongs to a node of the Lightning Payment Network and implements the regulations specified in the Lightning Network Specification Compliance protocol,...

CVE-2022-39389

CVE-2022-39389 (lnd) affects Lightning Network Daemon (lnd) prior to v0.15.4. The vulnerability is a block parsing bug that can cause a node to enter a degraded state after processing certain blocks. In this state, a node can still forward HTLCs and make payments but cannot open channels, and on-...

PT-2022-24948 · Unknown · Lightning Network Daemon

Name of the Vulnerable Software and Affected Versions: Lightning Network Daemon lnd versions prior to 0.15.4 Description: The issue is related to a block parsing bug that can cause a node to enter a degraded state. In this state, nodes can continue to make payments and forward HTLCs, and close ou...

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

Eclipse Jetty Integer Overflow Vulnerability

Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . An integer overflow vulnerability in the parsing of block lengths in Eclipse Jetty versions 9.2.x and earlier, 9.3.x, and 9.4.x stems from the program's failure to properly handle...