5 matches found
EUVD-2023-1984
Malicious code in bioql PyPI...
RISC Zero Underconstrained Vulnerability: Division
Two issues were found: For some inputs to signed integer division, the circuit allowed two outputs, only one of which was valid. Additionally, the result of division by zero was underconstrained. This vulnerability was identified using the Picus tool from Veridise. Impacted on-chain verifiers hav...
GHSA-F6RC-24X4-PPXP RISC Zero Underconstrained Vulnerability: Division
Two issues were found: For some inputs to signed integer division, the circuit allowed two outputs, only one of which was valid. Additionally, the result of division by zero was underconstrained. This vulnerability was identified using the Picus tool from Veridise. Impacted on-chain verifiers hav...
ezplatform-graphql GraphQL queries can expose password hashes
Impact: Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors. Patches: Resolving versions: Ibexa DXP v1.0.13, v2.3.12. Workarounds: Remove the "passwordHash" ent...
S3 storage write is not aborted on errors leading to unbounded memory usage
Impact: Anyone using storage.blob.s3 introduced in 0.5.0 with storage.imapsql. storage.imapsql localmailboxes ... msgstore s3 ... Patches: The relevant commit is pushed to master and will be included in the 0.5.1 release. No special handling of the issue has been done due to the small amount of...