9 matches found
GO-2026-4354 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor
Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the Canonicalize function when spec.message is empty. An attacker can cause a denial of service by sending malformed proposed entries of cose/v0.0.1 or dsse/v0.0.1 types that trigger panic on a thread...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the Canonicalize function when spec.message is empty. An attacker can cause a denial of service by sending malformed proposed entries of cose/v0.0.1 or dsse/v0.0.1 types that trigger panic on a thread...
PT-2024-40872 · Git +1 · Icu
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. The crash state involves several functions, including canonicalize, ulocimp_getBaseName_75, a...
lxml: NULL Pointer Dereference in lxml
A NULL Pointer dereference vulnerability found in lxml, caused by the iterwalk function also used by the canonicalize function. This flaw can lead to a crash when the incorrect parser input occurs together with usages...
CVE-2022-2309
A NULL Pointer dereference vulnerability found in lxml, caused by the iterwalk function also used by the canonicalize function. This flaw can lead to a crash when the incorrect parser input occurs together with usages...
PYSEC-2022-230
NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...
UBUNTU-CVE-2022-2309
NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...
PT-2011-1024 · Icu +3 · International Components For Unicode +3
Name of the Vulnerable Software and Affected Versions: International Components for Unicode (ICU) versions prior to 49.1. Description: The issue is related to a stack-based buffer overflow in the canonicalize function in common/uloc.c that allows remote attackers to execute arbitrary code via a...