RUSTSEC-2024-0404 Unsoundness in anstream

When given a valid UTF8 string "ö\x1b😀", the function in crates/anstream/src/adapter/strip.rs will be confused. The UTF8 bytes are \xc3\xb6 then \x1b then \xf0\x9f\x98\x80. When looping over "non-printable bytes" \x1b\xf0 will be considered as some non-printable sequence. This will produce a brok...

PT-2024-40949 · Anstream · Anstream

Name of the Vulnerable Software and Affected Versions: anstream affected versions not specified Description: The issue arises when the function in anstream's adapter/strip.rs is given a valid UTF8 string containing non-printable bytes, such as "öx1b😀". The function incorrectly segments the UTF8...

CVE-2024-43899

A NULL pointer dereference vulnerability was found in dcn20getdcccompressioncap function in the dcn20resource.c file in the AMD GPU driver in the Linux Kernel. This issue could allow an attacker to make the system hang when using the mpv media player with specific hardware acceleration options...

The vulnerability of the async_free_space() function in the Linux kernel’s binder component, which allows a hacker to disclose protected information

The vulnerability of the asyncfreespace function in the Linux kernel’s binder component is related to a potential data leak of up to 8 bytes during each asynchronous transaction that is 8 bytes or less in size. Exploiting this vulnerability could allow an attacker to disclose sensitive informatio...

PVS Target Devices boot statistics very high bytes read

The customer had observed very slow PVS target boot time. Boot statistics on vDisk shows a long time to boot, over 600 seconds, and boot time bytes read of over 2.5 GB...

kernel: cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

kernel: wifi: brcmfmac: pcie: handle randbuf allocation failure

in linux kernel wifi, the kzalloc in brcmfpciedownloadfwnvram will return null if the physical memory has run out. Thereafter if getrandombytes is used, a null pointer dereference is triggered, causing allocation failure...

kernel: wifi: brcmfmac: pcie: handle randbuf allocation failure

in linux kernel wifi, the kzalloc in brcmfpciedownloadfwnvram will return null if the physical memory has run out. Thereafter if getrandombytes is used, a null pointer dereference is triggered, causing allocation failure...

kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

The vulnerability of the nbd_get_size() function in the libnbd library, which allows a hacker to cause a service failure

The vulnerability of the nbdgetsize function in the libnbd library is related to responses received by the server from blocks that are larger than 2^63 bytes. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

SUSE CVE-2024-42131

In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGESIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

GHSA-F7Q4-PWC6-W24P Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

DEBIAN-CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

UBUNTU-CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...