Denial Of Service (DoS)

github.com/ipld/go-codec-dagpb is vulnerable to denial of service. The vulnerability exists when dag-pb codec decodes an invalid block which allows an attacker to cause an application crash...

GHSA-C653-6HHG-9X92 go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

go-ipld-prime/codec/json may panic if asked to encode bytes

go-ipld-prime is a series of Go interfaces for manipulating IPLD data and a Go module that contains the go-ipld-prime/codec/json codec. Impact Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON encoder which will panic as it doesn't expect to receive Bytes tokens...

CVE-2023-22460

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...

OPENSUSE-SU-2022:10255-1 Security update for vlc

This update for vlc fixes the following issues: - Update to version 3.0.18 CVE-2022-41325, boo1206142: + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - A...

GHSA-967G-CJX4-H7J6 Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g3vv-g2j5-45f2. This link is maintained to preserve external references. Original Description go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid block...

Duplicate Advisory: go-codec-dagpb vulnerable to panic when decoding invalid blocks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g3vv-g2j5-45f2. This link is maintained to preserve external references. Original Description go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid block...

CVE-2022-2584

The dag-pb codec can panic when decoding invalid blocks...

CVE-2022-2584

The dag-pb codec can panic when decoding invalid blocks...

Information disclosure

The dag-pb codec can panic when decoding invalid blocks...

CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb

The dag-pb codec can panic when decoding invalid blocks...

CVE-2022-2584

CVE-2022-2584 affects go-codec-dagpb (github.com/ipld/go-codec-dagpb). The dag-pb codec can panic when decoding invalid blocks, causing a potential DoS by crashing the application. The issue has been patched in version 1.3.1. Embed: affected component is the dag-pb codec; root cause is panic on i...

OPENSUSE-SU-2022:10252-1 Security update for vlc

This update for vlc fixes the following issues: - Update to version 3.0.18 CVE-2022-41325, boo1206142: + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - A...

go-dagpb 缓冲区错误漏洞

go-dagpb is an IPLD open source implementation of the DAG-PB Go specification. A security vulnerability exists in go-dagpb that stems from the fact that the dag-pb codec may crash when decoding an invalid block...

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

AZL-44388 CVE-2022-44640 affecting package samba for versions less than 4.18.3-1

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...