4783 matches found

Positive Technologies
added 2024/04/15 12:0 a.m. · 3 views

PT-2024-24370 · Unknown · Imagesharp

Name of the Vulnerable Software and Affected Versions: ImageSharp versions prior to 2.1.8 ImageSharp versions prior to 3.1.4 Description: A vulnerability discovered in the ImageSharp library can lead to excessive memory usage in image decoders when processing specially crafted files. This flaw ca...

6.5 CVSS · 7 AI score · 0.00202 EPSS
Exploits 0 · References 13

Fedora
added 2024/04/14 3:8 a.m. · 10 views

[SECURITY] Fedora 38 Update: libopenmpt-0.7.6-1.fc38

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

7.4 AI score
Exploits 0

OSV
added 2024/04/10 11:15 a.m. · 8 views

CVE-2023-2794

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check f...

8.1 CVSS · 8.1 AI score
Exploits 0 · References 2

NVD
added 2024/04/10 11:15 a.m. · 8 views

CVE-2023-2794

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check f...

8.1 CVSS · 8.2 AI score · 0.00169 EPSS
Exploits 1 · References 2

Cvelist
added 2024/04/10 10:15 a.m. · 9 views

CVE-2023-2794 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver() function

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check f...

8.1 CVSS · 8.4 AI score · 0.00169 EPSS
Exploits 1 · References 1

Debian CVE
added 2024/04/10 10:15 a.m. · 20 views

CVE-2023-2794

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check f...

8.1 CVSS · 8.1 AI score · 0.00169 EPSS
Exploits 1

CNNVD
added 2024/04/10 12:0 a.m. · 4 views

ofono security vulnerability

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in ofono, which originates from a stack overflow error that is triggered within the decode_deliver function during SMS decoding...

8.1 CVSS · 7.9 AI score · 0.00169 EPSS
Exploits 1 · References 2

OSV
added 2024/04/04 9:15 p.m. · 2 views

AZL-39484 CVE-2023-45288 affecting package etcd for versions less than 3.5.12-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5 CVSS · 6.8 AI score · 0.69905 EPSS
Exploits 1 · References 1

OSV
added 2024/04/04 3:15 p.m. · 6 views

DEBIAN-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3 CVSS · 6.9 AI score · 0.24971 EPSS
Exploits 1 · References 1

OSV
added 2024/04/04 3:15 p.m. · 1 views

AZL-39460 CVE-2024-28182 affecting package nghttp2 for versions less than 1.57.0-2

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3 CVSS · 6.9 AI score · 0.24971 EPSS
Exploits 1 · References 1

OSV
added 2024/04/04 3:15 p.m. · 4 views

UBUNTU-CVE-2024-28182

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

5.3 CVSS · 6.8 AI score · 0.24971 EPSS
Exploits 1 · References 6

NVD
added 2024/04/02 3:15 a.m. · 7 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

7.8 CVSS · 6 AI score · 0.00083 EPSS
Exploits 0 · References 1

OSV
added 2024/04/02 3:15 a.m. · 2 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

7.8 CVSS · 6 AI score · 0.00083 EPSS
Exploits 0 · References 1

CVE
added 2024/04/02 2:59 a.m. · 54 views

CVE-2024-20846

CVE-2024-20846 describes an out-of-bounds write vulnerability in the libsavsac.so module when decoding hcr. A local attacker could potentially execute arbitrary code due to this flaw in versions prior to SMR Apr-2024 Release 1. A remediation is to update to SMR Apr-2024 Release 1 or later; a temp...

7.8 CVSS · 7.3 AI score · 0.00083 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/04/02 2:59 a.m. · 12 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

5.9 CVSS · 6.3 AI score · 0.00083 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/04/02 12:0 a.m. · 2 views

PT-2024-18755 · Unknown · Libsavsac.So

Name of the Vulnerable Software and Affected Versions: libsavsac.so versions prior to SMR Apr-2024 Release 1 Description: The issue is related to an out-of-bounds write vulnerability while decoding hcr of libsavsac.so. This allows a local attacker to execute arbitrary code. Recommendations: For...

7.8 CVSS · 7.7 AI score · 0.00083 EPSS
Exploits 0 · References 3

NVD
added 2024/04/01 3:15 p.m. · 8 views

CVE-2024-21453

Transient DOS while decoding message of size that exceeds the available system memory...

7.5 CVSS · 7.6 AI score · 0.00124 EPSS
Exploits 0 · References 1

NVD
added 2024/04/01 3:15 p.m. · 7 views

CVE-2024-21452

Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions...

7.5 CVSS · 7.2 AI score · 0.00072 EPSS
Exploits 0 · References 1

CVE
added 2024/04/01 3:6 p.m. · 74 views

CVE-2024-21454

Vulnerability CVE-2024-21454 affects Automotive Telematics and is described as a transient Denial of Service during decoding of the ToBeSignedMessage. The CVE record notes an underlying issue described as an Integer Overflow to Buffer Overflow in Automotive Telematics. The CVSS score is 7.5 (HIGH...

7.5 CVSS · 7.5 AI score · 0.00123 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/04/01 3:6 p.m. · 79 views

CVE-2024-21453

CVE-2024-21453: Affects Qualcomm chipsets; a vulnerability in the message decoding path where decoding a message larger than available system memory can cause a transient Denial of Service. The entry cites a network-based attack vector with no user interaction and high impact on availability. Pub...

7.5 CVSS · 7.6 AI score · 0.00124 EPSS
Exploits 0 · References 1 · Affected Software 1