CVE-2022-25788

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code...

The vulnerability of the Vim text editor, related to writing beyond buffer boundaries, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Vim text editor is related to writing beyond buffer boundaries. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-1417)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

MGASA-2022-0143 Updated ruby packages fix security vulnerability

Double free in Regexp compilation CVE-2022-28738. A buffer overrun was found in String-to-Float conversion CVE-2022-28739...

[slackware-security] ruby

New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.4-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Double free in Regexp compilation. Buffer overrun ...

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

Buffer overflow

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

PYSEC-2022-197

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

PYSEC-2022-197

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVE-2022-24788 Buffer overflow in Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVE-2022-24788

CVE-2022-24788 affects Vyper up to version 0.3.2, where importing a function from a JSON interface returning bytes can generate bytecode that does not clamp bytes length, potentially causing a buffer overrun. A fixed version is 0.3.2; users should upgrade to this release. Several sources (e.g., R...

CVE-2022-24788 Buffer overflow in Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVE-2022-25797

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception...

The vulnerability of the PJSIP multimedia communication library, related to the execution of operations outside the buffer in memory, allows attackers to trigger a service failure.

The vulnerability of the PJSIP multimedia communication library is related to the issue of the operation exceeding the buffer boundaries in memory during SIP message processing. Exploiting this vulnerability could allow a malicious actor to cause service failures...

PT-2022-16880 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.2 Description: The issue arises when importing a function from a JSON interface that returns bytes, generating bytecode that does not clamp the bytes length, potentially resulting in a buffer overrun. There are no...

FreeBSD : Ruby -- Buffer overrun in String-to-Float conversion (06ed6a49-bad4-11ec-9cfe-0800270512f4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 06ed6a49-bad4-11ec-9cfe-0800270512f4 advisory. - piao reports: Due to a bug in an internal function that converts a String to a Float, some convertion...

PT-2022-19134 · Bentley · Microstation Connect

Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

Ruby -- Buffer overrun in String-to-Float conversion

piao reports: Due to a bug in an internal function that converts a String to a Float, some convertion methods like KernelFloat and Stringtof could cause buffer over-read. A typical consequence is a process termination due to segmentation fault, but in a limited circumstances, it may be exploitabl...

Buffer overrun in String-to-Float conversion

A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby. Due to a bug in an internal function that converts a String to a Float, some convertion...

The vulnerability of the de265_image::available_zscan function in the h.265 Libde265 implementation allows a attacker to cause a service failure.

The vulnerability of the de265image::availablezscan function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...