Copy-Paste Vulnerability (CVE) Denial Of Service (DoS)

CryptoppECC contains a copy of the Crypto++ aka cryptopp and libcrypto++ library inside it. The version that it contains is vulnerable to a denial of service DoS attack through the mishandling of the ASN1 encoding. Crypto++ allocates a SecByteBlock of the size that the ASN1 decoder reads as the...

Copy-Paste Vulnerability (CPV) Through Libxslt

nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service DoS via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...