3202 matches found
OESA-2021-1423 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages...
The vulnerability of the decompression function Dwa in the IlmImf software library for storing images in OpenEXR format, which has a wide dynamic range of brightness levels. This vulnerability is related to pointer arithmetic errors, allowing attackers to cause service interruptions.
The vulnerability of the decompression function in the Dwa library of the OpenEXR image storage software for images with wide dynamic ranges is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Zip Password Recovery缓冲区错误漏洞
KryLack Software Zip Password Recovery is an advanced software from KryLack Software. It is used to recover lost or forgotten passwords to Zip WinZip archives. A buffer error vulnerability exists in Passcovery ZIP Password Recovery version 3.70.69.0, which stems from a buffer overflow vulnerabili...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
DEBIAN-CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
Design/Logic Flaw
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A resource management error vulnerability exists in netty that stems from the Bzip2 decompression decoder function not allowin...
CVE-2021-37136
CVE-2021-37136 : The Bzip2 decompression decoder can set no limit on the decompressed output size, affecting all Bzip2Decoder users. This under- or over-allocates memory during decompression and can trigger an OutOfMemoryError, enabling DoS. Connected IBM/ASTRA entries reiterate the same descript...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
CVE-2021-37136
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack...
PT-2021-6324 · Unknown +4 · Clickhouse +3
Name of the Vulnerable Software and Affected Versions: ClickHouse affected versions not specified Description: The issue is related to a heap buffer overflow in ClickHouse's LZ4 compression codec. This occurs when parsing a malicious query, as there is no verification that copy operations in the...
CVE-2021-42388
Heap out-of-bounds read in ClickHouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...
CVE-2021-43305
Heap buffer overflow in ClickHouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend , don't exceed the destination buffer's limits. This iss...
Zephyr integer underflow vulnerability
Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. an integer underflow vulnerability in 6LoWPAN IPHC header decompression in Zephyr 2.4.0 and later can be exploited by attackers to cause out-of-bounds access in the Pv6 parsing logic...
CVE-2021-33602
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive LZW decompression method, and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service o...
Design/Logic Flaw
A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive LZW decompression method, and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service o...
CVE-2021-33602
The CVE-2021-33602 issue affects the F-Secure Antivirus engine, where unpacking a ZIP archive via LZW decompression can crash the scanning engine. Exploitation is described as remote and can result in Denial-of-Service of the antivirus engine. Supported sources (Red Hat, NVD, CVE lists, CNNVD) co...
F-Secure Anti-Virus 安全漏洞
F-secure F-Secure Anti-Virus is a suite of antivirus software from the Finnish company F-Secure F-secure. The program integrates several virus monitoring engines for real-time virus scanning of the operating system and provides powerful background management features. A security vulnerability...