9 matches found
Decompressing invalid data can leak information from uninitialized memory or reused output buffer
Decompressing invalid LZ4 data with the block API can leak data from uninitialized memory, or leak content from previous decompression operations when reusing an output buffer. The LZ4 block format defines a "match copy operation" which duplicates previously written data or data from a...
CVE-2021-47876
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigg...
Mozilla: Symlinks may resolve to partially uninitialized buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer...
undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests...
GNU libiberty - Buffer Overflow
GNU libiberty - Buffer Overflow Source: https://gcc.gnu.org/bugzilla/showbug.cgi?id=69687 The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size as well as the buffer content are...
GNU libiberty - Buffer Overflow
Source: https://gcc.gnu.org/bugzilla/showbug.cgi?id=69687 The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size as well as the buffer content are controlled from the binary. objdump -x...
SuSE Update for krb5 SUSE-SA:2008:016
Check for the Version of krb5 OpenVAS Vulnerability Test $Id: gbsuse2008016.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for krb5 SUSE-SA:2008:016 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 5082)
This update fixes the following security bugs in krb5/krb5-server : - null/dangling pointer needs enabled krb4 support. CVE-2008-0062 - possible operations on uninitialized buffer content/information leak needs enabled krb4 support. CVE-2008-0063 - out-of-bound array access in kadmind's RPC lib...
CVE-2023-34255
Removed by vendor...