Lucene search
+L

203 matches found

RedHat Linux
RedHat Linux
added 2 days ago7 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS6.9AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago9 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS6.9AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 12:16 a.m.7 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.5 views

UBUNTU-CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 11:42 p.m.26 views

CVE-2026-54903

Oj is a Ruby gem that contains a heap corruption vulnerability in Oj.load for JSON strings larger than 2 GB, caused by an integer overflow in buf_append_string (buf.h:61) that turns the length into a negative size_t, leading memcpy to copy out-of-bounds data and crash. Affected versions are those...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:42 p.m.37 views

CVE-2026-54903 Oj: Integer Overflow in Oj.load 2GB String Handling

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:42 p.m.7 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:11 a.m.7 views

RDMA/umem: Fix truncation for block sizes >= 4G

...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 10:21 p.m.11 views

EUVD-2026-31400

golang.org/x/crypto/ssh vulnerable to infinite loop on large channel writes...

9.1CVSS5.8AI score0.00466EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.8 views

CVE-2026-53015

A flaw was found in the Linux kernel's erofs filesystem. On 32-bit platforms, the lcn variable, used for logical cluster numbers, was defined as a 32-bit integer. This could lead to truncation when calculating offsets larger than 4 Gigabytes GiB, potentially causing incorrect data handling within...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 6:16 p.m.11 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53133

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53133

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When rdmablockiternext reassembles the split SG...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/24 11:59 a.m.2 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS6.9AI score0.02806EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 5:18 p.m.3 views

MINI-M64F-32GG-56GV

Bulletin has no description...

9.1CVSS5.8AI score0.0036EPSS
Exploits0
Snyk
Snyk
added 2026/06/19 8:47 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the bufappendstring function. An attacker can cause heap corruption and process crashes by supplying a specially crafted JSON string larger than 2 GB, which triggers an integer overflow and results in...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
Rows per page
Query Builder