26 matches found

Snyk
added 2026/05/07 4:26 a.m. · 4 views

Allocation of Resources Without Limits or Throttling

Overview: org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Buffer.alloc family in lib/setup-sandbox.js. An attacker can crash t...

8.7 CVSS · 6.1 AI score · 0.00052 EPSS
Exploits: 1 · References: 2

RedHat Linux
added 2026/02/10 12:54 p.m. · 1 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1 CVSS · 5.8 AI score · 0.00039 EPSS
Exploits: 0 · References: 5

Amazon
added 2026/02/05 12:0 a.m. · 6 views

Important: nodejs20

Issue Overview: Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated...

9.1 CVSS · 5.7 AI score · 0.00109 EPSS
Exploits: 2

Github Security Blog
added 2026/02/04 5:48 p.m. · 4 views

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact: The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process, for example data from prior requests, tasks, secrets, or tokens,...

7.7 CVSS · 5.9 AI score · 0.00019 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2026/02/04 12:0 a.m. · 1 views

PT-2026-6357

Impact: The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process, for example data from prior requests, tasks, secrets, or tokens,...

7.7 CVSS · 6 AI score · 0.00019 EPSS
Exploits: 0 · References: 5

ATTACKERKB
added 2026/01/20 8:41 p.m. · 2 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1 CVSS · 5.7 AI score · 0.00039 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

SUSE CVE
added 2025/12/09 12:29 a.m. · 1 views

SUSE CVE-2023-53752

In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmalloc_reserve() Blamed commit changed: ptr = kmalloc(size); if (ptr) size = ksize(ptr); size = kmalloc_size_roundup(size); ptr = kmalloc(size); This allowed various crash as reported by syzbot [1] and Kyle...

5.5 CVSS · 6.4 AI score · 0.00028 EPSS
Exploits: 0 · References: 17

Positive Technologies
added 2022/08/31 12:0 a.m. · 1 views

PT-2022-13799 · Clmg +3

Name of the Vulnerable Software and Affected Versions: Clmg (affected versions not specified). Description: A flaw in Clmg allows an attacker to trick the application into allocating huge buffer sizes, such as 64 Gigabyte, by using a maliciously crafted pandore or bmp file with modified dx and dy...

7.8 CVSS · 5.7 AI score · 0.00113 EPSS
Exploits: 2 · References: 19

Tenable Nessus
added 2021/10/12 12:0 a.m. · 246 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2569)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version 5.11-rc4...

7.8 CVSS · 7.2 AI score · 0.01783 EPSS
Exploits: 7 · References: 3

OSV
added 2021/08/03 2:51 a.m. · 34 views

UVI-2021-1001472 seq_file: disallow extremely large seq buffer allocations

seq_file: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.4 AI score
Exploits: 0

OSV
added 2021/08/03 2:51 a.m. · 9 views

GSD-2021-1001472 seq_file: disallow extremely large seq buffer allocations

seq_file: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...

7.4 AI score
Exploits: 0

OSV
added 2021/08/03 2:33 a.m. · 10 views

GSD-2021-1001413 seq_file: disallow extremely large seq buffer allocations

seq_file: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.240 by commit...

7.4 AI score
Exploits: 0

OSV
added 2021/08/03 1:32 a.m. · 7 views

UVI-2021-1001182 seq_file: disallow extremely large seq buffer allocations

seq_file: disallow extremely large seq buffer allocations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

7.4 AI score
Exploits: 0

Oracle linux
added 2021/07/22 12:0 a.m. · 86 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.505.4.3.el7 - seq_file: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33142065 CVE-2021-33909...

7.8 CVSS · 2.3 AI score · 0.01783 EPSS
Exploits: 6

Oracle linux
added 2021/07/22 12:0 a.m. · 90 views

Unbreakable Enterprise kernel security update

4.1.12-124.52.5 - seq_file: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135634 CVE-2021-33909...

7.8 CVSS · 2.5 AI score · 0.01783 EPSS
Exploits: 6

Oracle linux
added 2021/07/22 12:0 a.m. · 76 views

Unbreakable Enterprise kernel-container security update

5.4.17-2102.203.6.el7 - seq_file: disallow extremely large seq buffer allocations Eric Sandeen Orabug: 33135632 CVE-2021-33909...

7.8 CVSS · 2.3 AI score · 0.01783 EPSS
Exploits: 6

OpenVAS
added 2021/07/21 12:0 a.m. · 30 views

openSUSE: Security Advisory for the (openSUSE-SU-2021:2415-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

8.3 CVSS · 7.8 AI score · 0.85239 EPSS
Exploits: 27 · References: 4

Debian CVE
added 2021/07/20 6:1 p.m. · 57 views

CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

7.8 CVSS · 7.2 AI score · 0.01783 EPSS
Exploits: 6

OPENSUSE Linux
added 2020/08/08 12:0 a.m. · 76 views

Security update for grub2 (important)

openSUSE Security Update: Security update for grub2 Announcement ID: openSUSE-SU-2020:1168-1 Rating: important References: 1168994 1173812 1174463 1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products:...

8.2 CVSS · 8.3 AI score · 0.00369 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2020/07/30 12:0 a.m. · 66 views

SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)

This update for grub2 fixes the following issues : CVE-2020-10713 bsc1168994 CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 bsc1173812 CVE-2020-15706 bsc1174463 CVE-2020-15707 bsc1174570 Use overflow checking primitives where the arithmetic expression for buffer allocations may...

8.2 CVSS · 7.3 AI score · 0.00369 EPSS
Exploits: 1 · References: 19