Lucene search
K

32 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS5.9AI score0.02806EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.10 views

CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.6AI score0.02806EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.43 views

CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS0.02806EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 1:14 a.m.4 views

CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References15
CVE
CVE
added 2026/06/26 1:14 a.m.110 views

CVE-2026-48933

CVE-2026-48933 describes a vulnerability in Node.js WebCrypto where AES processing in subtle.encrypt() can crash the process when the input size is a multiple of 2 GiB. The connected SUSE advisory confirms this CVE is addressed in the nodejs24 update to 24.17.0 as part of a rollup that fixes mult...

7.5CVSS6.6AI score0.02806EPSS
Exploits0References13Affected Software1
EUVD
EUVD
added 2026/06/25 4:53 p.m.6 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010953)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010953 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF Cast nrpages to unsigned long to avoid overflow whe...

5.8AI score0.00193EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.10 views

SUSE CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

5.9CVSS5.9AI score0.00216EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/10 6:10 a.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to an integer overflow in the wcCmacUpdate function. An attacker can generate forged CMAC tags by exploiting the wraparound of the totalSz variable after processing 4 GiB of data, which causes the...

8.2CVSS5.9AI score0.0042EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 1:28 p.m.9 views

EUVD-2026-17413

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/26 2:43 p.m.5 views

SUSE CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.3CVSS5.8AI score0.00328EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 9:30 p.m.9 views

Go Images vulnerable to an out-of-memory error via a crafted TIFF file

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.3CVSS5.8AI score0.00328EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/25 7:16 p.m.3 views

DEBIAN-CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.3CVSS6AI score0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 6:24 p.m.5 views

CVE-2026-33809 OOM from malicious IFD offset in golang.org/x/image/tiff

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.8AI score0.00328EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/25 6:24 p.m.8 views

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.3CVSS6AI score0.00328EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/23 11:14 a.m.9 views

CVE-2026-2913

A flaw was found in libvips. A local attacker could exploit a heap-based buffer overflow vulnerability in the vipssourcereadtomemory function when processing custom seekable sources larger than 4 Gigabytes GiB. While the direct impact on libvips is negligible, this flaw could lead to a crash in t...

7CVSS4.9AI score0.00182EPSS
Exploits1References11
OSV
OSV
added 2026/02/18 10:30 a.m.7 views

OSEC-2026-02 ARP unbounded memory usage

Background Mirage's implementation of the ARP protocol RFC826 caches ARP replies to construct an IPv4 address - MAC address cache. This cache is long-lived effectively global, and also contains pending ARP requests, which are replaced by the reply, or deleted after a timeout. ARP replies that do...

7.4CVSS6AI score
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/09/16 4:15 p.m.4 views

CVE-2025-58749

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

5.3CVSS6.8AI score0.00344EPSS
Exploits1References2
OSV
OSV
added 2025/09/16 4:15 p.m.8 views

AZL-67608 CVE-2025-58749 affecting package fluent-bit for versions less than 3.1.9-6

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

5.3CVSS5.7AI score0.00344EPSS
Exploits1References1
Rows per page
Query Builder