
11 matches found

OSV
added 2022/08/24 12:0 a.m. | 2 views

GHSA-MFPJ-3QHM-976M Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua and all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00531
Exploits: 0 | References: 6
OSV
added 2021/12/20 12:0 p.m. | 35 views

RUSTSEC-2021-0132 Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. If one cannot update the C library, its...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.0054
Exploits: 0 | References: 3
Veracode
added 2020/09/29 3:53 a.m. | 31 views

Denial Of Service (DoS)

brotli is vulnerable to denial of service. A buffer overflow vulnerability exists where an attacker can crash the application by controlling the input length of a one-shot decompression request to a script. This happens when copying over chunks of data larger than 2 GiB...

CVSS: 6.5 | AI score: 2.9 | EPSS: 0.0031
Exploits: 0 | References: 23 | Affected Software: 4
GitLab Advisory Database
added 2020/09/15 12:0 a.m. | 22 views

Buffer Overflow

A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB...

CVSS: 6.5 | AI score: 2.2 | EPSS: 0.0031
Exploits: 0 | References: 1 | Affected Software: 1
Kitploit
added 2020/03/16 8:30 p.m. | 90 views

Token-Reverser - Word List Generator To Crack Security Tokens

Word list generator to crack security tokens. Example use case 1. You are testing reset password function 2. Reset password token was sent to your email box e.g. 582431d4c7b57cb4a3570041ffeb7e10 3. You suppose, it is a md5 hash of the data you provided during registration process 4. You remember...

AI score: 7.3
Exploits: 0 | References: 1
RedHat Linux
added 2019/11/20 4:14 p.m. | 4 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.13725
Exploits: 0 | References: 8
RedHat Linux
added 2019/10/01 1:40 p.m. | 2 views

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.13725
Exploits: 0 | References: 8
CNVD
added 2015/09/08 12:0 a.m. | 1 views

FFmpeg Denial of Service Vulnerability (CNVD-2015-05845)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'decode_ihdr_chunk' function in the libavcodec/pngdec.c file in versions of FFmpeg prior to 2.7.2, which can be exploited by remote attackers to cause a...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.00887
Exploits: 0 | References: 1
Hacker One
added 2013/11/23 9:21 p.m. | 119 views

HackerOne: PNG compression DoS

ztxt: http://www.libpng.org/pub/png/spec/1.1/PNG-Chunks.htmlC.zTXt "zTXT Documentation" tech: http://www.zlib.net/zlibtech.html "zlib technical details" zlibvuln1: http://www.kb.cert.org/vuls/id/680620 zlibvuln2: http://www.kb.cert.org/vuls/id/238678 PNG compression DoS ---------------------...

AI score: 7
Exploits: 0
Saint
added 2012/02/22 12:0 a.m. | 40 views

Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

Added: 02/22/2012 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

AI score: 7.7
Exploits: 0
Saint
added 2012/02/22 12:0 a.m. | 22 views

Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

Added: 02/22/2012 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

AI score: 7.7
Exploits: 0