Out-of-bounds

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

UBUNTU-CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

CVE-2021-4156

CVE-2021-4156 affects libsndfile’s FLAC codec, with an out-of-bounds read that can crash an application and potentially leak memory. Multiple advisories confirm vulnerable versions and fix versions across distributions: Debian LTS fixes in 1.0.28-6+deb10u2; Amazon Linux 2023 updates to 1.0.31-6.a...

CVE-2021-4156

An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most...

netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service...

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update

A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System...

CVE-2021-42390

Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0...

CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

DEBIAN-CVE-2021-42388

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

CVE-2021-42391

CVE-2021-42391 affects ClickHouse through a divide-by-zero flaw in the Gorilla compression codec. The vulnerability arises when parsing a malicious query: the first byte of the compressed buffer is used in a modulo operation without validating for zero, potentially causing denial of service. The ...

CVE-2021-42390

ClickHouse DeltaDouble compression codec vulnerability (CVE-2021-42390) arises from a divide-by-zero when the first byte of a compressed buffer is used in a modulo operation without zero-checking. It is exploited during parsing a malicious query, potentially causing a denial-of-service. The issue...

CVE-2021-43305

Summary : CVEs 2021-43304 and 2021-43305 describe heap/ buffer issues in ClickHouse’s LZ4 compression codec during parsing of crafted queries, due to unsafe copy bounds in LZ4::decompressImpl and the wildCopy function. The connected documents confirm a related set of advisories and mitigations ac...

Yandex ClickHouse 缓冲区错误漏洞

Yandex ClickHouse is a set of open source columnar databases for online analytical processing from the Russian company Yandex. Yandex ClickHouse suffers from a buffer error vulnerability that stems from a heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query...

CVE-2022-24451

CVE-2022-24451 affects Microsoft Windows VP9 Video Extensions. The VP9 Extensions library is vulnerable to remote code execution when processing crafted VP9 files. CVSS 3.1 vector indicates local attack with user interaction required, high impact on confidentiality/ integrity/availability. Connec...

VP9 Video Extensions Remote Code Execution Vulnerability

...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android due to an out-of-bounds read in cdParseMsg of cdcodec.c caused by a boundary check error, which could be exploited to cause remote information disclosure...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)

OpenShift Logging bug fix and security update 5.2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

OpenShift Logging bug fix and security update 5.1.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)

OpenShift Logging bug fix and security update 5.3.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...