Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

RUSTSEC-2023-0042 Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

DNS wire format AND DNS label-sequence format ARE USED INTERCHANGABLY TO REPRESENT DOMAIN NAMES DURING RRSet VALIDATION

Lines of code Vulnerability details Impact @param name The name to claim, in DNS wire format. above format is used in DNSRegistrar.proveAndClaim and DNSRegistrar.proveAndClaimWithResolver functions @param name The name of the RRSIG record, in DNS label-sequence format. above format is used in...

SUSE CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...

PHP < 8.0.28, 8.1.x < 8.1.16, 8.2.x < 8.2.3 Security Update - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

json-smart: Denial of Service in JSONParserByteArray function

A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service...

swtpm: Unchecked header size indicator against expected size

An out-of-bounds read vulnerability was found in swtpm. The vulnerability exists due to a boundary condition when the byte array representing the state of the TPM is accessed. This flaw allows an attacker to send a specially crafted header, triggering an out-of-bounds read access on the byte arra...

GHSA-8GWC-X7MG-7P7P Apache XML Security For Java vulnerable to Infinite Loop

Affected versions of xmlsec are subject to a denial of service vulnerability. Should a user check the signature of a message larger than 512 MB, the method expandSizeint newPos of class org.apache.xml.security.utils.UnsyncByteArrayOutputStream goes in an endless loop. A remote attacker could use...

Denial Of Service

openssl is vulnerable to denial of service. The vulnerability exists due to the system constructing valid ASN1STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1STRING array...

glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If gbytearraynewtake was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 232, causing unintended length truncation...

3s-smart Software Solutions CODESYS Development System 代码问题漏洞

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions 3s-smart Software Solutions, Germany. A code issue vulnerability exists in the ObjectManager.plugin...

p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CKATTRIBUTE, the receiving entity may not...

p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS11 function call, the receiving...

MGASA-2021-0123 Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

CVE-2020-29363

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CKATTRIBUTE, the receiving entity may not...

CVE-2020-29363

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CKATTRIBUTE, the receiving entity may not...

PT-2020-6233 · P11 Kit +8 · P11-Kit +8

Name of the Vulnerable Software and Affected Versions: p11-kit versions 0.21.1 through 0.23.21 Description: A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through...

CVE-2020-29363

An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CKATTRIBUTE, the receiving entity may not...

Denial Of Service (DoS)

p11-kit is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library in versions 0.21.1 up to 0.23.21. When the remote entity supplies a byte array...

PT-2020-5853 · P11 Kit +7 · P11-Kit +7

Name of the Vulnerable Software and Affected Versions: p11-kit versions 0.23.6 through 0.23.21 Description: A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array i...