Uncontrolled recursion in trust-dns-proto

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

GHSA-369H-PJR2-6WRH Uncontrolled recursion in trust-dns-proto

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

DNSMonster - Passive DNS Capture/Monitoring Framework

Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second it has shown...

F5 BIG-IP 输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP compression driver denial of service vulnerability, on platforms using Intel QuickAssist Technology QAT compression...

CVE-2020-25767

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...

CVE-2020-25767

CVE-2020-25767 affects HCC Embedded InterNiche/NicheStack (IPv4) prior to 4.3. The root cause is in the dnc_copy_in DNS domain name parser, which fails to validate that compression pointers stay within packet bounds, enabling an out-of-bounds read and potential DoS via crafted DNS data. Affected ...

[SECURITY] Fedora 34 Update: rust-weezl-0.1.5-3.fc34

Fast LZW compression and decompression...

PYSEC-2021-562

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

AT&T Labs Xmill XML parsing CreateLabelOrAttrib memory corruption vulnerability

Summary A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Tested Versions AT&T Labs Xmill 0...

PT-2021-7818 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill affected versions not specified Description: The issue is related to the function HandleFileArg in the Xmill XML compression tool, which is vulnerable to exploitation due to the lack of checks on user-provided input. Specifically, the...

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery

!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery Vulnerability

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privilege...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Microsoft Windows. The exploit is written in Python and uses the SMB protocol to target vulnerable Windows systems. The exploit code is organized into...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which is directly passed to several subroutines...

Denial Of Service (DoS)

commons-compress is vulnerable to denial of service. Lack of proper handling of memory while compressing tar package causes an out of memory error even for very small inputs...

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library, related to a lack of resource allocation mechanism, allows attackers to cause service failures.

The vulnerability of the xzhead function in the xzlib.c component of the Libxml2 library is related to the lack of memory constraints. Exploiting this vulnerability allows a remote attacker to cause a service failure through the use of a specially created LZMA file...

Moderate: Red Hat Security Advisory: lz4 security update

An update for lz4 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

Moderate: lz4 security update

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...

RLSA-2021:2575 Moderate: lz4 security update

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...

ALSA-2021:2575 Moderate: lz4 security update

The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limi...