964 matches found

RedHat Linux
added 2024/01/17 9:7 a.m. · 6 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9 CVSS · 7.2 AI score · 0.00156 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2024/01/17 9:7 a.m. · 367 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

7.4 CVSS · 7.1 AI score · 0.00319 EPSS
Exploits: 0 · References: 7

RedHat Linux
added 2024/01/17 9:2 a.m. · 3 views

OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

5.9 CVSS · 7.2 AI score · 0.00156 EPSS
Exploits: 0 · References: 5

AlmaLinux
added 2024/01/17 12:0 a.m. · 122 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...

7.5 CVSS · 7.4 AI score · 0.00319 EPSS
Exploits: 0 · References: 14

Positive Technologies
added 2024/01/03 12:0 a.m. · 5 views

PT-2024-1065 · Google +4 · Angle Library +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.199 Description: A heap buffer overflow in the ANGLE library of Google Chrome allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is related to the WebG...

10 CVSS · 7.9 AI score · 0.93301 EPSS
Exploits: 127 · References: 1116

NVD
added 2023/12/31 6:15 a.m. · 14 views

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled...

5.5 CVSS · 0.00046 EPSS
Exploits: 1 · References: 3

OSV
added 2023/12/31 6:15 a.m. · 18 views

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled...

5.5 CVSS · 7 AI score
Exploits: 0 · References: 3

Prion
added 2023/12/31 6:15 a.m. · 20 views

Double free

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled...

1.9 CVSS · 7.2 AI score · 0.00046 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2023/12/31 12:0 a.m. · 56 views

CVE-2023-52284

WAMR (wasm-micro-runtime) versions prior to 1.3.0 are affected by CVE-2023-52284 due to mishandling of push_pop_frame_ref_offset, which can lead to a double free or memory corruption when processing a valid WebAssembly module. The issue is rooted in the runtime’s frame reference offset handling. ...

5.5 CVSS · 5.5 AI score · 0.00046 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/12/31 12:0 a.m. · 14 views

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled...

5.8 AI score · 0.00046 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/12/30 12:0 a.m. · 2 views

PT-2023-31956 · Bytecode Alliance · Wasm-Micro-Runtime

Name of the Vulnerable Software and Affected Versions: Bytecode Alliance wasm-micro-runtime versions prior to 1.3.0 Description: The issue arises from the mishandling of push_pop_frame_ref_offset, leading to a "double free or corruption" error for a valid WebAssembly module. Recommendations: For...

5.5 CVSS · 5.5 AI score · 0.00046 EPSS
Exploits: 1 · References: 9

Microsoft CVE
added 2023/12/05 8:0 a.m. · 4 views

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

...

7.5 CVSS · 7 AI score · 0.00369 EPSS
Exploits: 1

Snyk
added 2023/11/23 8:39 a.m. · 0 views

Improper Restriction of Operations within the Bounds of a Memory Buffer

Overview: Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. An attacker can cause a denial of service by exploiting this vulnerability...

7.5 CVSS · 6.8 AI score · 0.00369 EPSS
Exploits: 1 · References: 2

OSV
added 2023/11/22 11:15 p.m. · 16 views

CVE-2023-48105

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 4

NVD
added 2023/11/22 11:15 p.m. · 11 views

CVE-2023-48105

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...

7.5 CVSS · 0.00369 EPSS
Exploits: 1 · References: 4

ATTACKERKB
added 2023/11/22 11:15 p.m. · 2 views

CVE-2023-48105

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...

7.5 CVSS · 5.9 AI score · 0.00369 EPSS
Exploits: 1 · References: 5

CNNVD
added 2023/11/22 12:0 a.m. · 2 views

WebAssembly Micro Runtime Security Vulnerability

WebAssembly Micro Runtime (WAMR) is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments (TEEs), smart...

7.5 CVSS · 6.7 AI score · 0.00369 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2023/11/22 12:0 a.m. · 10 views

CVE-2023-48105

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...

7.1 AI score · 0.00369 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/11/22 12:0 a.m. · 4 views

PT-2023-30698 · Bytecode Alliance · Wasm-Micro-Runtime

Name of the Vulnerable Software and Affected Versions: Bytecode alliance wasm-micro-runtime version 1.2.3 Description: A heap overflow issue was discovered, allowing a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader....

7.5 CVSS · 7.5 AI score · 0.00369 EPSS
Exploits: 1 · References: 7

Cvelist
added 2023/11/22 12:0 a.m. · 16 views

CVE-2023-48105

A heap overflow vulnerability discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...

7.7 AI score · 0.00369 EPSS
Exploits: 1 · References: 4