
11 matches found

RedHat Linux
added 3 days ago | 6 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 (Salted Challenge Response Authentication Mechanism, Secure Hash Algorithm 256) authentication with an excessively large iteration...

CVSS 7.5 | AI score 7.1 | EPSS 0.00043
Exploits: 0 | References: 6
CNNVD
added 2026/04/29 12:0 a.m. | 6 views

pgJDBC Security Vulnerability

pgJDBC is an open-source PostgreSQL driver developed by pgJDBC. Versions of pgJDBC from 42.2.0 to 42.7.11 contained security vulnerabilities. These vulnerabilities stemmed from a client denial-of-service vulnerability during SCRAM-SHA-256 authentication. A malicious server could instruct the driv...

CVSS 7.5 | AI score 7.1 | EPSS 0.00043
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/26 7:13 a.m. | 11 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 | AI score 7 | EPSS 0.00105
Exploits: 0 | References: 1
NVD
added 2025/04/19 10:15 p.m. | 14 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 | EPSS 0.00105
Exploits: 0 | References: 2
Cvelist
added 2025/04/19 12:0 a.m. | 7 views

CVE-2023-30421

mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114...

CVSS 2.9 | EPSS 0.00105
Exploits: 0 | References: 2
CVE
added 2025/04/19 12:0 a.m. | 60 views

CVE-2023-30421

The CVE-2023-30421 entry concerns mystrtod in the mjson library (version 1.2.7). Affected component: mjson’s mystrtod function; root cause: processing certain numeric strings requires an excessive number of iterations (example: 8891110122900e913013935755114). Reported impact is denial of service ...

CVSS 2.9 | AI score 7 | EPSS 0.00105
Exploits: 0 | References: 2
ATTACKERKB
added 2025/04/08 2:15 p.m. | 3 views

CVE-2023-37930

Multiple issues, including use of uninitialized resources (CWE-908) and excessive iteration (CWE-834) vulnerabilities, in Fortinet allow a VPN user to corrupt memory, potentially leading to code or command execution via specifically crafted requests...

CVSS 8.8 | AI score 6 | EPSS 0.00451
Exploits: 0 | References: 2 | Affected Software: 2
RedHat Linux
added 2024/08/13 3:37 p.m. | 4 views

jose: Denial of service due to uncontrolled CPU consumption

A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker to set a large number of PBKDF2 iterations, triggering an uncontrolled resource consumption that impacts...

CVSS 7.5 | AI score 5.7 | EPSS 0.01386
Exploits: 1 | References: 4
BDU FSTEC
added 2023/11/21 12:0 a.m. | 2 views

The vulnerability of the Golang programming language decoder, related to excessive iteration, allows attackers to trigger a service failure.

The vulnerability of the Golang programming language decoder is related to excessive processing load on the processor during decoding. Exploiting this vulnerability can allow a remote attacker to cause service failures...

CVSS 7.8 | AI score 6.8 | EPSS 0.00257
Exploits: 0 | References: 9 | Affected Software: 4
Vulnrichment
added 2023/03/20 12:20 p.m. | 6 views

CVE-2023-26513 Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...

CVSS 7.5 | AI score 6.8 | EPSS 0.0304
Exploits: 0 | References: 1
OSV
added 2022/03/26 11:3 a.m. | 1 views

OESA-2022-1600 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

CVSS 7.8 | AI score 7.9 | EPSS 0.0033
Exploits: 1 | References: 3