11 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: A integer overflow has been fixed in aie2queryctxstatusarray. The unpublished smatch static checker reported a warning. In drivers/accel/amdxdna/aie2pci.c, line 904 of aie2queryctxstatusarray: warn: Potential...
📄 GLib Memory Exhaustion
The gbase64decode function in the GLib library fails to enforce input size limits, allowing attackers to input extremely large Base64-encrypted data, resulting in uncontrolled memory allocation. This vulnerability can be exploited by providing a specially crafted, but syntactically correct, Base6...
SUSE CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url-encoded header or signature spans hundreds of megabytes...
CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
UBUNTU-CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
PT-2021-7917
Name of the Vulnerable Software and Affected Versions jsoup versions prior to 1.14.2 Description The issue is related to the parsing of untrusted HTML or XML, which may cause the parser to get stuck, complete more slowly than usual, or throw an unexpected exception, potentially supporting a denia...
Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service
// source: https://www.securityfocus.com/bid/1825/info Due to insufficient bounds checking in the code that handles the fields 'MAIL FROM:' and 'RCPT TO:', it is possible to remotely crash Avirt Mail. Entering over 272 characters into the 'RCPT TO:' field will crash the application upon terminati...