36 matches found
Authentication flaw
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2022-29240
The CVE-2022-29240 issue is an uninitialized memory read during LZ4 decompression of a CQL frame in Scylla. If a user supplies a forged uncompressed length, part of the decompression buffer can remain uninitialized, enabling exploitation based on privileges. Reported impacts include an authentica...
PT-2022-19490 · Scylla +2 · Scylla Enterprise +3
Name of the Vulnerable Software and Affected Versions: Scylla Enterprise versions prior to 2020.1.14 Scylla Enterprise versions prior to 2021.1.12 Scylla Enterprise version 2022.1.0 Scylla Open Source versions prior to 4.6.7 Scylla Open Source versions prior to 5.0.3 Description: Scylla is a...
Apache Cassandra CQL Shell Service Detection
Binary data apachecassandraremotedetection.nbin...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
DEBIAN-CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
Code injection
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
CVE-2018-9257
CVE-2018-9257 affects Wireshark 2.4.0–2.4.5 where the CQL dissector could enter an infinite loop. The root cause, as documented, is in epan/dissectors/packet-cql.c, mitigated by adding a check for a nonzero number of columns. The vulnerability details are supported by the NVD entry and related ad...
CVE-2018-9257
In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns...
Wireshark CQL Parser Infinite Loop Vulnerability
Wireshark formerly Ethereal is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis.CQL dissector is one of the CQL query language parsers. A security vulnerability exists i...
KLA11220 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. A vulnenerability related to MP4 dissector can be exploited remotely via specially designed packet or packet...