Improper Input Validation

@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to improper input validation. The vulnerability exists because an incorrect assumption about Solidity 0.8's abi.decode allows ERC165Checker to revert instead of returning false via a specifically crafted input request...

Authentication Bypass

@openzeppelin/contractsvulnerable to improper input validation. The vulnerability exists in the ERC165Checker function in ERC165Checker.sol and ERC165CheckerUpgradeable function in ERC165CheckerUpgradeable.sol due to the incorrect assumption about abi.decode which allows a malicious user to pass ...

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

PT-2022-6681 · FFmpeg +6 · Ffmpeg +6

Name of the Vulnerable Software and Affected Versions: FFmpeg affected versions not specified Description: A null pointer dereference issue was discovered in the decode main header function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of...

CVE-2022-31170

OpenZeppelin Contracts (library for smart contract development) contains a vulnerability in versions 4.0.0 through 4.7.1 where ERC165Checker.supportsInterface may revert instead of returning false due to an incorrect assumption about Solidity 0.8 abi.decode. This affects contracts that use ERC165...

PT-2022-20586 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.1.0 through 4.7.1 Description: The issue concerns the SignatureChecker reverting in certain cases, which is not expected. This occurs due to an incorrect assumption about Solidity 0.8's abi.decode, specifical...

Medium: amazon-ssm-agent

Issue Overview: A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB , causing a stack overflow in Decode, which leads to a loss of availability. CVE-2022-24675 Affected Packages: amazon-ssm-agent Note: This adviso...

FFmpeg decode_slice_header() function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg decodesliceheader function, which can be exploited by an attacker to cause a denial of service attack...

Malformed CAR panics and excessive memory usage

Impact Versions impacted = [email protected] = [email protected] Description of user-facing changes...

PHP Library Remote Code Execution Vulnerability

Several PHP compatibility libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...

golang: encoding/pem: fix stack overflow in Decode

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. Remediation Upgrade tinyexr to version 1.0.6 or higher. References - GitHub Issue...

CVE-2022-33032

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decodepreR13sectionhdr at decoder11.c...

CVE-2022-33025

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decodepreR13section at decoder11.c...

CVE-2022-33025

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decodepreR13section at decoder11.c...

CVE-2022-33028

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwgaddobject at decode.c...

UBUNTU-CVE-2022-34300

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData...

CVE-2022-33024

There is an Assertion int decodepreR13entitiesBITCODERL, BITCODERL, unsigned int, BITCODERL, BITCODERL, BitChain , DwgData ' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608...

PT-2022-21657 · Libredwg · Libredwg

Name of the Vulnerable Software and Affected Versions: LibreDWG version 0.12.4.4608 Description: The issue is related to a heap-buffer-overflow in the decode preR13 section hdr function located at decode r11.c. This overflow can potentially lead to memory corruption and execution of arbitrary cod...

CLSA-2022-1655822512 Fixed 6 CVEs in kernel

net: qrtr: fix another OOB Read in qrtrendpointpost CVE-2021-3743 - vt: keyboard: avoid signed integer overflow in kascii CVE-2020-13974 - pNFS/flexfiles: fix incorrect size check in decodenfsfh CVE-2021-4157 - esp: Fix possible buffer overflow in ESP transformation CVE-2022-27666 - sock: remove...