K73008537: Apache Tomcat vulnerability CVE-2018-1336

Security Advisory Description An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...

codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service DoS...

AlmaLinux 8 : python3 (ALSA-2023:0833)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0833 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse a...

GHSA-VVPX-J8F3-3W6H golang.org/x/net vulnerable to Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

golang.org/x/net vulnerable to Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

Uncontrolled Resource Consumption

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

GO-2023-1571 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

SUSE CVE-2022-41723

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go Text vulnerabilities (USN-5873-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5873-1 advisory. It was discovered that Go Text incorrectly handled certain encodings. An attacker could possibly use this issue to cause a denial...

SUSE CVE-2004-0057

The rawprint function in the ISAKMP decoding routines print-isakmp.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service segmentation fault via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than...

SUSE CVE-2004-0642

Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...

SUSE CVE-2004-0644

The asn1bufskiptail function in the ASN.1 decoder library for MIT Kerberos 5 krb5 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service infinite loop via a certain BER encoding...

SUSE CVE-2004-0782

Integer overflow in pixbufcreatefromxpm io-xpm.c in the XPM image decoder for gtk+ 2.4.4 gtk2 and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain ncol and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+...

SUSE CVE-2004-0788

Integer overflow in the ICO image decoder for 1 gdk-pixbuf before 0.22 and 2 gtk2 before 2.2.4 allows remote attackers to cause a denial of service application crash via a crafted ICO file...

SUSE CVE-2005-0760

The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service crash via a crafted TIFF file...

SUSE CVE-2006-0645

Tiny ASN.1 Library libtasn1 before 0.2.18, as used by 1 GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and 2 GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

SUSE CVE-2006-3460

Heap-based buffer overflow in the JPEG decoder in the TIFF library libtiff before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size TiffScanLineSize...

SUSE CVE-2006-3461

Heap-based buffer overflow in the PixarLog decoder in the TIFF library libtiff before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors...

SUSE CVE-2007-1246

The DMOVideoDecoderOpen function in loader/dmo/DMOVideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerabilit...

SUSE CVE-2007-1387

The DirectShow loader loader/dshow/DSVideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than...