
21 matches found

RedhatCVE
added last week, 8 views

CVE-2026-46128

A flaw was found in the Linux kernel's Intelligent Platform Management Interface (IPMI) subsystem. This vulnerability occurs when the kernel processes event message buffer responses from Baseboard Management Controllers (BMCs). Some BMCs may return an empty message instead of an expected error, which...

5.9 AI score, 0.00032 EPSS
Exploits: 0, References: 4

OSV
added 2026/02/02 9:5 p.m., 2 views

GO-2026-4354 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor

Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message in github.com/sigstore/rekor...

5.3 CVSS, 5.2 AI score, 0.00019 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2026/01/24 12:24 a.m., 2 views

SUSE CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 5.4 AI score, 0.00019 EPSS
Exploits: 0, References: 4

OSV
added 2026/01/22 10:16 p.m., 1 views

UBUNTU-CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 7.2 AI score, 0.00019 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2026/01/22 10:16 p.m., 2 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 4

AlpineLinux
added 2026/01/22 9:26 p.m., 2 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits: 0, References: 3

OSV
added 2026/01/22 9:26 p.m., 2 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits: 0, References: 5

Cvelist
added 2026/01/22 9:26 p.m., 14 views

CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 0.00019 EPSS
Exploits: 0, References: 3

CVE
added 2026/01/22 9:26 p.m., 6 views

CVE-2026-23831

Rekor (software supply chain transparency log) versions 1.4.3 and earlier are affected by a vulnerability where an empty spec.message can cause a nil pointer dereference during entry canonicalization, as validate() may return nil for empty message and Canonicalize() dereferences sign1Msg.Payload....

5.3 CVSS, 5.4 AI score, 0.00019 EPSS
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/01/22 9:26 p.m., 3 views

CVE-2026-23831

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate returns nil success when message is...

5.3 CVSS, 5.3 AI score, 0.00019 EPSS
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2026/01/22 6:41 p.m., 7 views

Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary: Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

5.3 CVSS, 5.5 AI score, 0.00019 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/01/22 6:41 p.m., 3 views

GHSA-273P-M2CW-6833 Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message

Summary: Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...

5.3 CVSS, 5.6 AI score, 0.00019 EPSS
Exploits: 0, References: 5

NVD
added 2025/05/02 4:15 p.m., 14 views

CVE-2023-53141

In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping(). ila_xlat_nl_cmd_get_mapping() generates an empty skb, triggering a recent sanity check [1]. Instead, return an error code, so that user space can get it. [1] skb_assert_len WARNIN...

5.5 CVSS, 0.00063 EPSS
Exploits: 0, References: 8

CVE
added 2025/05/02 3:56 p.m., 80 views

CVE-2023-53141

CVE-2023-53141 is a Linux kernel vulnerability described in the Unity/Nessus materials. The issue is in ila_xlat_nl_cmd_get_mapping() for IPv6 ila (used by netlink): it can generate an empty skb, which would trigger a sanity check. The fix is to return an error code instead of generating an empty...

5.5 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits: 0, References: 8, Affected Software: 1

SUSE CVE
added 2023/02/15 5:36 a.m., 1 views

SUSE CVE-2013-4130

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error...

5 CVSS, 6.5 AI score, 0.01006 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:21 a.m., 1 views

SUSE CVE-2018-19935

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function...

3.3 CVSS, 9.2 AI score, 0.23723 EPSS
Exploits: 0, References: 9

OSV
added 2018/12/07 9:29 a.m., 1 views

ALPINE-CVE-2018-19935

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function...

7.5 CVSS, 6.9 AI score, 0.23723 EPSS
Exploits: 0, References: 1

OSV
added 2018/11/13 8:29 p.m., 0 views

CVE-2018-2488

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8 CVSS, 5.8 AI score, 0.00189 EPSS
Exploits: 0, References: 2

OSV
added 2013/08/20 10:55 p.m., 1 views

DEBIAN-CVE-2013-4130

The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error...

5 CVSS, 6.8 AI score, 0.01006 EPSS
Exploits: 0, References: 1

securityvulns
added 2007/08/28 12:0 a.m., 26 views

Thomson ST 2030 SIP phone DoS

Crash on invalid INVITE request Via: and To: headers and also on empty message...

2.9 AI score
Exploits: 0, References: 3, Affected Software: 1