7 matches found
CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...
CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Chunk process when handling files with a samplesperchunk value of zero. An attacker can cause a segmentation fault and denial of service by providing a specially crafted HEIF file that triggers an unsigned...
CVE-2025-14177
A flaw was found in PHP. The getimagesize function may leak uninitialized heap memory when processing images in multi-chunk mode, such as through php://filter. This vulnerability, caused by a bug in phpreadstreamallchunks that overwrites the buffer without advancing the pointer, allows an attacke...
SKALD: Scalable K-Anonymisation for Large Datasets
Data privacy and anonymisation are critical concerns in today's data-driven society, particularly when handling personal and sensitive user data. Regulatory frameworks worldwide recommend privacy-preserving protocols such as k-anonymisation to de-identify releases of tabular data. Available...
Unbounded iteration
Handle cmichel Vulnerability details Vulnerability Details The Visor.removeNft iterates over all nfts. Anyone can add to this array by depositing NFTs, see Visor.onERC721Received. Other occurences that makes an unbounded iteration over arrays: Visor.getBalanceLocked Visor.getNftIdByTokenIdAndAddr...
Microsoft Windows GDIplus PNG Chunk Processing Integer Overflow (MS09-062; CVE-2009-2501; CVE-2013-1331)
An integer overflow vulnerability exists in Microsoft Windows GDI+. The vulnerability is due to lack of input validation when Microsoft Windows GDI+ handles PNG files. A remote attacker can exploit this vulnerability by enticing the target to open a specially crafted PNG file. Successful...