581 matches found
CVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra...
DEBIAN-CVE-2020-25863
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts...
UBUNTU-CVE-2020-25863
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts...
PT-2020-6940 · Gnu +2 · Gnu Nm +2
Name of the Vulnerable Software and Affected Versions: GNU nm versions prior to 2.34 Description: The issue is related to a memory consumption problem in the get data function in binutils/nm.c. This allows attackers to cause a denial of service via crafted commands. The vulnerability is associate...
kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
There is a use-after-free problem seen due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
...
USN-4411-1 linux, linux-aws, inux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities
It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information kernel memory. CVE-2020-10732 Matthew Sheets discovered that the SELinux network label handlin...
USN-4413-1 linux-gke-5.0, linux-oem-osp1 vulnerabilities
Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service system crash. CVE-2020-10711 It was discovered that the SCSI generic sg driver in...
RUSTSEC-2020-0052 Undefined Behavior in bounded channel
The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...
Undefined Behavior in bounded channel
The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...
The vulnerability of the ThrowException function in the GraphicsMagick graphics editor, related to the use after deallocation, allows a malicious actor to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of the ThrowException function in the GraphicsMagick graphics editor is related to the use of objects after they are released from memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information and compromise its...
CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
DEBIAN-CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
Race condition
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
CVE-2020-10690
The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...
CVE-2020-10690
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptpclock and cdev while resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device ...
The vulnerability of Google Chrome browsers, related to memory usage after deallocation, allows attackers to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of Google Chrome relates to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability through a specially created HTML page...
The vulnerability of Google Chrome browsers, related to memory usage after deallocation, allows attackers to gain unauthorized access to information and compromise its integrity and accessibility.
The vulnerability of Google Chrome relates to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability through a specially created HTML page...