
43 matches found

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2020-6467

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00466
Exploits: 1 | References: 6
OSV
added 2024/06/15 12:00 a.m. | views: 16

OPENSUSE-SU-2024:10045-1 bsdiff-4.3-5.3 on GA media

These are all security issues fixed in the bsdiff-4.3-5.3 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 1
SUSE CVE
added 2024/06/04 1:11 p.m. | views: 2

SUSE CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 9.8 | AI score 9.5 | EPSS 0.00466
Exploits: 1 | References: 3
OpenVAS
added 2023/03/08 12:00 a.m. | views: 11

Debian: Security Advisory (DLA-697-1)

The remote host is missing an update for the Debian...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 5:24 a.m. | views: 2

SUSE CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file...

CVSS 7 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 9
Tenable Nessus
added 2022/09/29 12:00 a.m. | views: 35

SUSE SLES15 Security Update : libostree (SUSE-SU-2022:3455-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3455-1 advisory. - Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attacke...

CVSS 7.8 | AI score 8.2 | EPSS 0.09005
Exploits: 0 | References: 4
OpenVAS
added 2022/01/28 12:00 a.m. | views: 19

Mageia: Security Advisory (MGASA-2016-0288)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 4
OSV
added 2020/09/16 2:15 p.m. | views: 1

DEBIAN-CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 9.8 | AI score 9 | EPSS 0.00466
Exploits: 1 | References: 1
UbuntuCve
added 2020/09/16 2:15 p.m. | views: 19

CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 9.8 | AI score 7.3 | EPSS 0.00466
Exploits: 1 | References: 3
Prion
added 2020/09/16 2:15 p.m. | views: 7

Memory corruption

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 7.5 | AI score 9.7 | EPSS 0.00466
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2020/09/16 2:15 p.m. | views: 1

UBUNTU-CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 9.8 | AI score 6 | EPSS 0.00466
Exploits: 1 | References: 4
CVE
added 2020/09/16 1:31 p.m. | views: 59

CVE-2020-14315

CVE-2020-14315 affects bspatch (Colin Percival’s bsdiff tools) version 4.3. The vulnerability arises from insufficient checks when handling external inputs, allowing memory corruption by writing beyond a dynamically allocated buffer boundary. Affected component is bspatch tooling; the root cause ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00466
Exploits: 1 | References: 3 | Affected Software: 1
Debian CVE
added 2020/09/16 1:31 p.m. | views: 22

CVE-2020-14315

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside a dynamically allocated buffer's boundaries...

CVSS 9.8 | AI score 9.8 | EPSS 0.00466
Exploits: 1
OpenVAS
added 2020/09/16 12:00 a.m. | views: 13

Ubuntu: Security Advisory (USN-4500-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 2
OSV
added 2020/09/15 8:33 p.m. | views: 0

USN-4500-1 bsdiff vulnerabilities

It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code...

CVSS 7.8 | AI score 7.3 | EPSS 0.09005
Exploits: 0 | References: 2
Ubuntu
added 2020/09/15 8:33 p.m. | views: 93

USN-4500-1: bsdiff vulnerabilities

It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potentially execute arbitrary code...

CVSS 7.8 | AI score 7.7 | EPSS 0.09005
Exploits: 0
Tenable Nessus
added 2020/09/15 12:00 a.m. | views: 29

Ubuntu 16.04 LTS : bsdiff vulnerabilities (USN-4500-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4500-1 advisory. It was discovered that bsdiff mishandled certain input. If a user were tricked into opening a malicious file, an attacker could cause bsdiff to crash or potential...

CVSS 7.8 | AI score 7.9 | EPSS 0.09005
Exploits: 0 | References: 2
Gentoo Linux
added 2020/03/19 12:00 a.m. | views: 57

Binary diff: Heap-based buffer overflow

Background: bsdiff and bspatch are tools for building and applying patches to binary files. Description: It was discovered that the implementation of bspatch did not check for a negative value on numbers of bytes read from the diff and extra streams. Impact: A remote attacker could entice a user to...

CVSS 7.8 | AI score 8.1 | EPSS 0.09005
Exploits: 0
OpenVAS
added 2019/11/27 12:00 a.m. | views: 14

Debian: Security Advisory (DLA-2010-1)

The remote host is missing an update for the Debian...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 3
Tenable Nessus
added 2019/11/27 12:00 a.m. | views: 21

Debian DLA-2010-1 : bsdiff security update

An issue in bsdiff, a tool to generate/apply a patch between two binary files, has been found. Using a crafted patch file, an integer signedness error in bspatch could be used for a heap-based buffer overflow and possibly execution of arbitrary code. For Debian 8 'Jessie', this problem has been...

CVSS 7.8 | AI score 7.8 | EPSS 0.09005
Exploits: 0 | References: 3