
4783 matches found

NVD
added 2024/12/24 12:15 p.m., 29 views

CVE-2024-53146

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...

5.5 CVSS, 0.00013 EPSS
Exploits: 0, References: 11

OSV
added 2024/12/24 12:15 p.m., 8 views

AZL-54945 CVE-2024-53146 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...

5.5 CVSS, 6.4 AI score, 0.00013 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/24 12:15 p.m., 0 views

UBUNTU-CVE-2024-53146

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...

5.5 CVSS, 6.3 AI score, 0.00013 EPSS
Exploits: 0, References: 45

Vulnrichment
added 2024/12/24 11:28 a.m., 1 views

CVE-2024-53146 NFSD: Prevent a potential integer overflow

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...

7.6 AI score, 0.00013 EPSS
Exploits: 0, References: 9

CNVD
added 2024/12/20 12:0 a.m., 8 views

Huawei HarmonyOS image decoding module read/write vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A read/write vulnerability exists in the Huawei HarmonyOS image decoding module. An attacker could exploit this vulnerability to affect availability...

7.5 CVSS, 6.6 AI score, 0.00296 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/18 4:35 p.m., 9 views

GO-2024-3339 Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk

Transaction decoding may result in a stack overflow or resource exhaustion in github.com/cosmos/cosmos-sdk...

7.6 AI score
Exploits: 0, References: 4

Positive Technologies
added 2024/12/18 12:0 a.m., 2 views

PT-2024-36786 · Matter · Matter

Name of the Vulnerable Software and Affected Versions: Matter also known as connectedhomeip or Project CHIP versions 1.4.0.0 and earlier Description: The issue concerns the WriteAcl function, which first deletes all existing ACL entries and then attempts to recreate them based on user input. If...

7.5 CVSS, 7.1 AI score, 0.00323 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2024/12/17 7:55 p.m., 2 views

mpg123: Buffer overflow when writing decoded PCM samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

6.7 CVSS, 6.2 AI score, 0.00064 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2024/12/17 7:4 p.m., 2 views

mpg123: Buffer overflow when writing decoded PCM samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is...

6.7 CVSS, 6.2 AI score, 0.00064 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2024/12/17 7:4 p.m., 10 views

Moderate: Red Hat Security Advisory: mpg123 security update

An update for mpg123 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.7 CVSS, 6.7 AI score, 0.00064 EPSS
Exploits: 0, References: 2

AlmaLinux
added 2024/12/17 12:0 a.m., 9 views

Moderate: mpg123:1.32.9 security update

The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...

6.7 CVSS, 7.1 AI score, 0.00064 EPSS
Exploits: 0, References: 4

OSV
added 2024/12/17 12:0 a.m., 17 views

ALSA-2024:11217 Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack...

7.5 CVSS, 8.2 AI score, 0.00298 EPSS
Exploits: 0, References: 4

OSV
added 2024/12/16 7:33 p.m., 5 views

GHSA-8WCC-M6J2-QXVM ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

Summary ASA-2024-0012 Name: ASA-2024-0012, Transaction decoding may result in a stack overflow Component: Cosmos SDK Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmos-sdk versions = v0.50.10, = v0.47.14 Affected users: Chain Builders + Maintainer...

8.7 CVSS, 7.1 AI score
Exploits: 0, References: 5

RedHat Linux
added 2024/12/16 2:38 a.m., 0 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3 CVSS, 5.9 AI score, 0.09581 EPSS
Exploits: 0, References: 5

GitLab Advisory Database
added 2024/12/16 12:0 a.m., 21 views

CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

ASA-2024-0012: Transaction decoding may result in a stack overflow When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...

7.4 AI score
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2024/12/12 12:15 p.m., 17 views

CVE-2024-54108

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

7.5 CVSS, 0.00311 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/12 12:15 p.m., 2 views

CVE-2024-54108

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

OSV
added 2024/12/12 12:15 p.m., 3 views

CVE-2024-54109

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

7.5 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 1

NVD
added 2024/12/12 12:15 p.m., 15 views

CVE-2024-54109

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

7.5 CVSS, 0.00311 EPSS
Exploits: 0, References: 1

NVD
added 2024/12/12 12:15 p.m., 9 views

CVE-2024-54111

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability...

7.5 CVSS, 0.00086 EPSS
Exploits: 0, References: 1