CVE-2020-24339

The CVE concerns picoTCP/picoTCP-NG up to version 1.7.0 where DNS domain name decompression (pico_dns_decompress_name in pico_dns_common.c) does not validate compression pointer offsets against the DNS packet data, causing out-of-bounds reads and Denial-of-Service. The issue affects picoTCP and p...

CVE-2020-24338

Summary of CVE-2020-24338 (AMNESIA:33) from provided sources : It affects picoTCP (and picoTCP-NG) up to version 1.7.0, where DNS domain name record decompression in pico_dns_decompress_name() fails to validate compression pointer offsets against DNS response data. This can cause out-of-bounds wr...

CVE-2020-24338

An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in picodnsdecompressname in picodnscommon.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writ...

CVE-2020-25630

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported...

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVE-2020-6148

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow...

CVE-2020-6150

Four heap overflow CVEs in Pixar OpenUSD 20.05 related to USDC file format decompression of SPECS, FIELDS, FIELDSETS, and PATHS sections. TALOS-2020-1094 details exact code paths (crateFile.cpp) where unvalidated section sizes and mismatched ReadContiguous/decompression buffers allow heap-based o...

Updated brotli packages fix security vulnerability

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB CVE-2020-8927...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

CVE-2020-8927

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli...

Buffer Overflow

A buffer overflow exists in the Brotli library where an attacker controlling the input length of a one-shot decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error OOME or exhaustion of the memory pool...