Lucene search
+L

107 matches found

FreeBSD
FreeBSD
added 2022/10/04 12:0 a.m.31 views

go -- multiple vulnerabilities

The Go project reports: archive/tar: unbounded memory consumption when reading headers Reader.Read did not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics...

7.7AI score
Exploits0References1
Veracode
Veracode
added 2022/07/07 11:58 a.m.13 views

Denial Of Service (DoS)

github.com/ipld/go-car is vulnerable to denial of service. The vulnerability exists in LdRead function in util.go because the decoding of CAR data is not properly handled which leads to an excessive memory usage causing an application crash...

2.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/05/31 12:0 a.m.56 views

Nginx Plus R1 < R15-P2 / R16 < R16-P1 Multiple Vulnerabilities

According to its self reported version, the installed version of Nginx Plus is R1 built on Open Source version 1.5.3-1 prior to R15-P2 or R16 built on Open Source version 1.15.2 prior to R16-P1. It is, therefore, affected by the following issues : - An unspecified error exists related to the modu...

8.2CVSS6.7AI score0.47057EPSS
Exploits1References7
NVD
NVD
added 2022/05/21 12:15 a.m.15 views

CVE-2022-29189

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

5.3CVSS0.01952EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/05/20 11:55 p.m.37 views

CVE-2022-29189

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

5.3CVSS5.3AI score0.01952EPSS
Exploits0
OSV
OSV
added 2022/05/20 11:55 p.m.21 views

CVE-2022-29189 Buffer for inbound DTLS fragments has no limit

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

5.3CVSS5.4AI score0.01952EPSS
Exploits0References5
OSV
OSV
added 2021/10/19 3:15 p.m.31 views

CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS6.7AI score
Exploits0References13
Prion
Prion
added 2021/10/19 3:15 p.m.35 views

Memory corruption

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

5CVSS8.3AI score0.0628EPSS
Exploits0References13Affected Software11
Debian CVE
Debian CVE
added 2021/10/19 12:0 a.m.39 views

CVE-2021-37137

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS7.1AI score0.0628EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/09/09 5:11 p.m.71 views

SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way

Impact The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

7.5CVSS8AI score0.0628EPSS
Exploits0References19Affected Software3
Github Security Blog
Github Security Blog
added 2021/08/25 8:46 p.m.23 views

Excessive memory usage in tokio-rustls

tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...

7.5CVSS7.3AI score0.01336EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/05/27 1:43 p.m.8 views

MGASA-2021-0222 Updated wireshark packages fix a security vulnerability

The MS-WSP dissector could consume excessive amounts of memory CVE-2021-22207...

6.5CVSS6.9AI score0.02023EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/05/07 3:53 p.m.55 views

Uncontrolled Resource Consumption in Apache Tika

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23...

5.5CVSS5.9AI score0.02926EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/10 9:31 p.m.25 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service (CVE-2020-4135).

Summary Db2 is vulnerable to a denial of service. Db2 could allow an attacker to send specially crafted packets to the Db2 server to cause excessive memory usage and cause Db2 to terminate abnormally. Vulnerability Details CVEID: CVE-2020-4135 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows...

7.5CVSS0.8AI score0.02927EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2021/03/03 6:15 p.m.34 views

CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

7.8CVSS6.8AI score0.77385EPSS
Exploits0References4
NVD
NVD
added 2020/12/31 10:15 a.m.13 views

CVE-2020-35875

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...

7.5CVSS7.5AI score0.01336EPSS
Exploits0References1
CVE
CVE
added 2020/12/31 8:27 a.m.61 views

CVE-2020-35875

CVE-2020-35875 affects the Rust crate tokio-rustls (before 0.13.1). The root cause is that tokio-rustls does not call process_new_packets immediately after read, causing wants_read to always return true and allowing data to accumulate in memory when data arrives faster than it is processed. This ...

7.5CVSS7.4AI score0.01336EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/10/07 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-4564-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.6AI score0.02926EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/05 12:0 a.m.41 views

Ubuntu 16.04 LTS : Apache Tika vulnerabilities (USN-4564-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4564-1 advisory. It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial ...

5.5CVSS7AI score0.02926EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/07/22 12:40 p.m.89 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.3CVSS6.5AI score0.05166EPSS
Exploits0References8
Rows per page
Query Builder