CVE-2023-48298

CVE-2023-48298 affects ClickHouse, specifically the FPC codec decompression path. The issue is an integer underflow that can crash the server via a stack buffer overflow, exploitable by an unauthenticated attacker. The vulnerability is described as similar to CVE-2023-47118; no explicit remediati...

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

CVE-2023-48298

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

ClickHouse Number Error Vulnerability

ClickHouse is ClickHouse's fastest and most resource efficient open source database for real-time applications and analytics. ClickHouse suffers from a numeric error vulnerability that stems from the presence of a stack buffer overflow, resulting in an integer underflow and program crash...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2023:4893-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4893-1 advisory. - FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache...

SUSE-SU-2023:4893-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2023-39350: Fixed incorrect offset calculation leading to DoS bsc1214856. - CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX bsc1214857. - CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write...

REDUNDANT ERC1155 OCEAN TOKEN BALANCE UPDATE OF THE OceanAdapter CONTRACT COULD LEAD TO DoS OF THE Ocean._computeOutputAmount TRANSACTION

Lines of code Vulnerability details Impact The Ocean.computeOutputAmount function is used to compute the output amount of an output token when the input token and input token amount is given. The Ocean.computeOutputAmount function mutates the ERC1155 token ledger amounts for the primitives and al...

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

Integer overflow

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

GPSd NTRIP Stream Parsing access violation vulnerability

Talos Vulnerability Report TALOS-2023-1860 GPSd NTRIP Stream Parsing access violation vulnerability December 5, 2023 CVE Number CVE-2023-43628 SUMMARY An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead...

Debian dla-3679 : libvlc-bin - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3679 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3679-1 [email protected]...

[SECURITY] [DLA 3679-1] vlc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3679-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 30, 2023 https://wiki.debian.org/LTS -...

kernel: netfilter: potential slab-out-of-bound access due to integer underflow

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...