3256 matches found

OSV
added 2022/10/18 11:28 a.m. · 6 views

SUSE-SU-2022:3617-1 Security update for netty

This update for netty fixes the following issues:
- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
- CVE-2021-37136: Bzip2Decoder doesn't...

CVSS 7.5 · AI score 6.9 · EPSS 0.09438
Exploits: 1 · References: 9

OpenVAS
added 2022/10/10 12:00 a.m. · 16 views

Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2022-2463)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 · AI score 7.8 · EPSS 0.00465
Exploits: 7 · References: 2

Tenable Nessus
added 2022/10/09 12:00 a.m. · 44 views

EulerOS 2.0 SP8 : gstreamer1-plugins-good (EulerOS-SA-2022-2463)

According to the versions of the gstreamer1-plugins-good packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing...

CVSS 7.8 · AI score 8.2 · EPSS 0.00465
Exploits: 7 · References: 8

BDU FSTEC
added 2022/09/30 12:00 a.m. · 7 views

A vulnerability in the WLAN HOST firmware component of Qualcomm's embedded chips allows an attacker to cause a denial of service or execute arbitrary code.

The vulnerability in the WLAN HOST firmware component of Qualcomm's embedded chips is caused by a missing buffer length check and an out-of-bounds read during frame decompression. Exploiting this vulnerability can allow a remote attacker to cause a denial of service ...

CVSS 7.8 · AI score 7.8 · EPSS 0.00448
Exploits: 0 · References: 6

RedhatCVE
added 2022/09/29 6:11 p.m. · 34 views

CVE-2022-2122

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVSS 7.8 · AI score 7.6 · EPSS 0.00437
Exploits: 1 · References: 3

RedhatCVE
added 2022/09/29 4:49 p.m. · 44 views

CVE-2022-1924

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVSS 7.8 · AI score 7.6 · EPSS 0.00409
Exploits: 1 · References: 4

RedhatCVE
added 2022/09/29 2:49 p.m. · 52 views

CVE-2022-1923

A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution...

CVSS 7.8 · AI score 7.6 · EPSS 0.00409
Exploits: 1 · References: 4

Veracode
added 2022/09/22 7:10 a.m. · 17 views

Denial Of Service (DoS)

github.com/apple/swift-nio-extras is vulnerable to denial of service. The vulnerability exists because complete HTTP body decompression is not properly detected and the code repeatedly attempts to decompress the data appended to the HTTP message causing an infinite loop which leads to an...

CVSS 7.5 · AI score 7.3 · EPSS 0.00721
Exploits: 0 · References: 3 · Affected Software: 1

ATTACKERKB
added 2022/09/21 7:15 p.m. · 2 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects, HTTPRequestDecompressor and HTTPResponseDecompressor, both failed to detect when the decompressed body was...

CVSS 7.5 · AI score 7.2 · EPSS 0.00721
Exploits: 0 · References: 2

NVD
added 2022/09/21 7:15 p.m. · 30 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects, HTTPRequestDecompressor and HTTPResponseDecompressor, both failed to detect when the decompressed body was...

CVSS 7.5 · EPSS 0.00721
Exploits: 0 · References: 1

OSV
added 2022/09/21 7:15 p.m. · 25 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects, HTTPRequestDecompressor and HTTPResponseDecompressor, both failed to detect when the decompressed body was...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 1

Prion
added 2022/09/21 7:15 p.m. · 24 views

Input validation

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects, HTTPRequestDecompressor and HTTPResponseDecompressor, both failed to detect when the decompressed body was...

CVSS 5 · AI score 7.5 · EPSS 0.00721
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/09/21 6:45 p.m. · 35 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects, HTTPRequestDecompressor and HTTPResponseDecompressor, both failed to detect when the decompressed body was...

AI score 7.7 · EPSS 0.00721
Exploits: 0 · References: 1

CVE
added 2022/09/21 6:45 p.m. · 68 views

CVE-2022-3252

CVE-2022-3252 affects Apple SwiftNIO Extras. The issue arises in the transparent HTTP body decompression helpers, specifically HTTPRequestDecompressor and HTTPResponseDecompressor, which fail to detect when the decompressed body is complete. Attackers can append trailing junk data to a compressed H...

CVSS 7.5 · AI score 7.5 · EPSS 0.00721
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/09/21 12:00 a.m. · 4 views

PT-2022-21351 · Unknown · Swiftnio Extras

Name of the Vulnerable Software and Affected Versions: SwiftNIO Extras (affected versions not specified)
Description: The issue is related to improper detection of complete HTTP body decompression in SwiftNIO Extras. This can lead to an infinite loop and denial-of-service when trailing junk data is...

CVSS 7.5 · AI score 7.2 · EPSS 0.00721
Exploits: 0 · References: 9

CNNVD
added 2022/09/21 12:00 a.m. · 2 views

Apple SwiftNIO Extras security vulnerability

Apple SwiftNIO Extras is an extension for the SwiftNIO web application framework from Apple Inc. A security vulnerability exists in Apple SwiftNIO Extras, which stems from the fact that if garbage data is appended to the body of an HTTP message, the code will repeatedly attempt to decompress this...

CVSS 7.5 · AI score 7.4 · EPSS 0.00721
Exploits: 0 · References: 2

NVD
added 2022/09/15 10:15 p.m. · 17 views

CVE-2022-29240

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of...

CVSS 8.1 · EPSS 0.00982
Exploits: 0 · References: 3

Prion
added 2022/09/15 10:15 p.m. · 10 views

Authentication flaw

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of...

CVSS 5.1 · AI score 7.9 · EPSS 0.00982
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/09/15 9:20 p.m. · 19 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of...

CVSS 8.1 · AI score 8.1 · EPSS 0.00982
Exploits: 0 · References: 5

Vulnrichment
added 2022/09/15 9:20 p.m. · 6 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing a CQL frame received from a user, Scylla assumes that the user-provided uncompressed length is correct. If the user provides a fake length that is greater than the real one, part of...

CVSS 8.1 · AI score 8.1 · EPSS 0.00982
Exploits: 0 · References: 3