90 matches found
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and...
rustix security vulnerability
rustix is a secure Rust binding to a POSIX-style API open-sourced by the Bytecode Alliance. A security vulnerability exists in rustix that stems from memory over-allocation, which could lead to a rapid and unlimited memory explosion...
Security Bulletin: rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate is vulnerable to WS-2023-0366 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate which is vulnerable to WS-2023-0366 Vulnerability Details IBM X-Force ID: 269579 DESCRIPTION: Bytecode Alliance rustix is vulnerable to a denial of service, caused by...
PT-2024-13617 · Archibus · Archibus
Name of the Vulnerable Software and Affected Versions: Archibus app version 4.0.3 for iOS Description: An issue was discovered in the Archibus app, which uses a local database synchronized with a Web central server instance. There is a SQL injection in the search work request feature in the...
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know What’s Real
A flood of false information, partisan narratives, and weaponized “fact-checking” has obscured efforts to find out who’s responsible for an explosion at a hospital in Gaza...
GHSA-C827-HFW6-QWVM rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...
PT-2023-32952 · Trustix +2 · Rustix +2
Name of the Vulnerable Software and Affected Versions: Rustix versions prior to 0.35.15 Rustix versions prior to 0.36.16 Rustix versions prior to 0.37.25 Rustix versions prior to 0.38.19 Description: The issue arises when using rustix::fs::Dir with the linux raw backend, where the iterator can ge...
SUSE CVE-2008-3790
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."...
SUSE CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries...
SUSE CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...
Moses Staff Hackers Publish Footage of Jerusalem Explosion
By Habiba Rashid According to claims made by Moses Staff hackers, they hacked a major Israeli security firm to access and leak the footage. This is a post from HackRead.com Read the original post: Moses Staff Hackers Publish Footage of Jerusalem Explosion...
CVE-2019-25076
A flaw was found in the Tuple Space Search (TSS) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0. This issue allows remote attackers to cause a denial of service via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache...
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...
Code injection
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...
CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...
UBUNTU-CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...
CVE-2019-25076
CVE-2019-25076 affects Open vSwitch 2.x up to 2.17.2 and 3.0.0. The issue, known as Tuple Space Explosion (TSE), allows remote attackers to cause denial of service by sending crafted packets that require excessive evaluation time in the MegaFlow cache packet classification. The connected document...
CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, ak...