Lucene search

1447 matches found

Cvelist
added 2024/01/19 12:0 a.m. · 17 views

CVE-2024-22562

swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c...

7.9 AI score · 0.00285 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/01/19 12:0 a.m. · 13 views

CVE-2024-22911

A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602...

7.8 AI score · 0.0033 EPSS
Exploits: 1 · References: 1

Tenable Nessus
added 2024/01/19 12:0 a.m. · 13 views

Fedora 38 : espeak-ng (2024-698737a3c5)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-698737a3c5 advisory. Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994. Tenable has extracted the preceding description blo...

5.5 CVSS · 5.7 AI score · 0.00405 EPSS
Exploits: 5 · References: 6

Positive Technologies
added 2024/01/19 12:0 a.m. · 3 views

PT-2024-19607 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools version 0.9.2 Description: A stack-buffer-underflow issue was found in the function parseExpression at src/swfc.c:2602. This issue can potentially lead to a denial of service. Recommendations: For SWFTools version 0.9.2, as a tempora...

7.8 CVSS · 7.4 AI score · 0.0033 EPSS
Exploits: 1 · References: 10

CVE
added 2024/01/19 12:0 a.m. · 207 views

CVE-2024-22955

swftools 0.9.2 is affected by a stack-buffer-underflow in parseExpression (swftools/src/swfc.c:2576). The issue arises from insufficient input length validation and can enable arbitrary code execution or denial of service. CVSS v3.1 base score 7.8 (High, Local, User Interaction required). Remedia...

7.8 CVSS · 7.6 AI score · 0.0033 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2024/01/19 12:0 a.m. · 205 views

CVE-2024-22911

SWFTools 0.9.2 has a stack-buffer-underflow in parseExpression (src/swfc.c:2602). The vulnerability is described as potentially enabling arbitrary code execution or denial of service. Public documents do not specify an official patched version. A workaround suggestion exists in PT-2024-19607 to d...

7.8 CVSS · 7.5 AI score · 0.0033 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2024/01/19 12:0 a.m. · 216 views

CVE-2024-22562

CVE-2024-22562 affects swftools 0.9.2 with a Stack Buffer Underflow in dict_foreach_keyvalue (swftools/lib/q.c). Root cause: validation weakness in input handling leading to a buffer underflow. Impact: potential arbitrary code execution or denial of service (as described across sources). Exploit ...

7.8 CVSS · 7.6 AI score · 0.00285 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/19 12:0 a.m. · 20 views

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

7.8 AI score · 0.0033 EPSS
Exploits: 1 · References: 1

Tenable Nessus
added 2024/01/16 12:0 a.m. · 26 views

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-2804)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as...

6.5 CVSS · 6.4 AI score · 0.00936 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m. · 24 views

EulerOS Virtualization 2.10.0 : c-ares (EulerOS-SA-2023-2932)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...

6.5 CVSS · 6.4 AI score · 0.00936 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m. · 38 views

EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...

6.5 CVSS · 6.4 AI score · 0.00936 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m. · 21 views

EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2023-3421)

According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE wil...

7.5 CVSS · 6.4 AI score · 0.01564 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/01/16 12:0 a.m. · 37 views

EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2023-2951)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...

7.5 CVSS · 6.4 AI score · 0.01564 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/01/16 12:0 a.m. · 25 views

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-2780)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as...

6.5 CVSS · 6.4 AI score · 0.00936 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/01/16 12:0 a.m. · 23 views

EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2023-2977)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...

7.5 CVSS · 6.4 AI score · 0.01564 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/01/16 12:0 a.m. · 27 views

EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-2749)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. ares_inet_net_pton is vulnerable to a buffer underflow for certain ipv6 addresses, in...

7.5 CVSS · 6.6 AI score · 0.01564 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m. · 26 views

EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2676)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. ares_inet_net_pton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular...

7.5 CVSS · 6.6 AI score · 0.01564 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/01/09 12:0 a.m. · 38 views

Amazon Linux 2 : c-ares (ALAS-2024-2399)

The version of c-ares installed on the remote host is prior to 1.10.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2399 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Serve...

8.6 CVSS · 7.4 AI score · 0.02617 EPSS
Exploits: 2 · References: 8

Tenable Nessus
added 2024/01/09 12:0 a.m. · 29 views

Fedora 39 : espeak-ng (2024-5661c87b25)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5661c87b25 advisory. Security fix for CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994. Tenable has extracted the preceding description blo...

5.5 CVSS · 5.7 AI score · 0.00405 EPSS
Exploits: 5 · References: 6

Veracode
added 2023/12/21 11:19 a.m. · 10 views

Stack Buffer Underflow

libespeak-ng.so is vulnerable to Stack Buffer Underflow. The vulnerability is caused by a lack of validation for the length parameter before it's passed to malloc. An attacker can exploit this by providing an excessively small or manipulated value that could potentially lead to a buffer underflow...

5.3 CVSS · 5.4 AI score · 0.00372 EPSS
Exploits: 1 · References: 5 · Affected Software: 2