GHSA-3HG2-R75X-G69M Vyper has incorrect re-entrancy lock when key is empty string

Impact Locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. Vyper @nonreentrant"" unprotected @external def bar: pass @nonreentrant"lock" protected @external def foo: pass Patches Patched in 3605 Workarounds The lock name should be a non-empty string...

Vyper has incorrect re-entrancy lock when key is empty string

Impact Locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. Vyper @nonreentrant"" unprotected @external def bar: pass @nonreentrant"lock" protected @external def foo: pass Patches Patched in 3605 Workarounds The lock name should be a non-empty string...

The vulnerability of the xmlDictComputeFastKey function (dict.c) in the Libxml2 library allows a hacker to cause a service failure.

The vulnerability of the xmlDictComputeFastKey function in the dict.c file of the Libxml2 library is related to a memory reclamation issue when working with empty string hash dictionaries. Exploiting this vulnerability could allow an attacker to cause service interruptions...

OESA-2023-1262 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Remediation Upgrade zstd to version 1.5.4 or higher. References - GitHub Issue - GitHub PR Credit: yiyuaner...

A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

...

zstd vulnerable to buffer overrun

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

CVE-2022-4899

A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun...

Debian: Security Advisory (DLA-91)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2011-2691

The pngerr function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service application crash vi...

SUSE CVE-2016-8578

The v9fsiovvunmarshal function in fsdev/9p-iov-marshal.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash by sending an empty string parameter to a 9P operation...

SUSE CVE-2017-14166

libarchive 3.3.2 allows remote attackers to cause a denial of service xmldata heap-based buffer over-read and application crash via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archivereadsupportformatxar.c...

SUSE CVE-2018-1304

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

GSD-2022-1001287 exec: Force single empty string when argv is empty

exec: Force single empty string when argv is empty This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...

RHEL 7 / 8 : OpenShift Container Platform 4.10.3 (RHSA-2022:0055)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0055 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...