6 matches found
CLSA-2025-1766137116 Fix CVE(s): CVE-2025-6020
Reworked CVE-2025-6020 patches to preserve ABI compatibility - Add pammodutilsanitizehelperfds as a static inline helper in the header for modules - Keep the exported pammodutilsanitizehelperfds in libpam as a wrapper that calls the new helper...
PT-2025-28030 · Web-Push · Web-Push
Name of the Vulnerable Software and Affected Versions: web-push crate versions prior to 0.10.3 Description: The issue allows an attacker to cause a denial of service condition through excessive memory consumption in the built-in clients of the web-push crate via a large integer in a Content-Lengt...
DEBIAN-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...
ALPINE-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...
UBUNTU-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...
Important: golang
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...