
4756 matches found

CVE
added 2023/06/16 12:0 a.m. · 64 views

CVE-2023-35790

CVE-2023-35790 affects the JPEG XL library (libjxl); a vulnerability in the patch decoding code allows an integer underflow that can cause a denial of service, including infinite loops. Public entries from Debian/Ubuntu indicate impacted releases and that fixes are available; Debian notes the iss...

7.5 CVSS · 7.3 AI score · 0.00765 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/06/16 12:0 a.m. · 20 views

CVE-2023-35790

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop...

7.6 AI score · 0.00765 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/06/16 12:0 a.m. · 37 views

CVE-2023-35790

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop...

6.8 AI score · 0.00765 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/06/16 12:0 a.m. · 2 views

PT-2023-3326 · Libjxl +5 · Libjxl +5

Name of the Vulnerable Software and Affected Versions: libjxl versions prior to 0.8.2 Description: An issue in dec_patch_dictionary.cc can lead to a denial of service due to an integer underflow in patch decoding, potentially causing an infinite loop. The issue can be exploited by a remote attack...

9.8 CVSS · 7.3 AI score · 0.00765 EPSS
Exploits 0 · References 35
Code423n4
added 2023/06/09 12:0 a.m. · 10 views

Potential Integer Overflow/Underflow

Lines of code Vulnerability details Impact The functions insertSDPrice and getMedianValue manipulate arrays of uint256 values without explicitly checking for integer overflow or underflow. If the array lengths or calculations exceed the maximum or minimum values of uint256, it can result in...

7.4 AI score
Exploits 0
Packet Storm
added 2023/06/08 12:0 a.m. · 361 views

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

Qualys Security Advisory. LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863. Contents: Summary. CVE-2023-33865, a symlink...

9.8 CVSS · 7.1 AI score · 0.10789 EPSS
Exploits 7
0day.today
added 2023/06/08 12:0 a.m. · 371 views

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution Vulnerabilities

LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863. Contents: Summary. CVE-2023-33865, a symlink vulnerability in /tmp/RenderDoc -...

9.8 CVSS · 7.1 AI score · 0.10789 EPSS
Exploits 7
GithubExploit
added 2023/06/05 12:3 a.m. · 268 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

"CVE-2021-31956" WIP PoC code for CVE-2021-31956 in preparat...

9.3 CVSS · 7.7 AI score · 0.80263 EPSS
Exploits 5
Tenable Nessus
added 2023/06/03 12:0 a.m. · 30 views

SUSE SLES12 Security Update : openvswitch (SUSE-SU-2023:2360-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2360-1 advisory. - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP called from ofpact_decode and...

9.8 CVSS · 7.5 AI score · 0.01324 EPSS
Exploits 0 · References 13
OSV
added 2023/06/02 11:37 a.m. · 7 views

SUSE-SU-2023:2360-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). - CVE-2022-32166: Fixed an out of bounds read in minimask_equal (bsc#1203865). -...

9.8 CVSS · 7.4 AI score · 0.01324 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/06/02 12:0 a.m. · 4 views

PT-2023-3672 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.8 Description: The issue is related to an integer underflow and out-of-bounds read in the deassemble_neg_contexts function in the fs/smb/server/smb2pdu.c file of the KSMBD filesystem in the Linux kernel. Thi...

10 CVSS · 6.7 AI score · 0.71737 EPSS
Exploits 58 · References 478
NVD
added 2023/05/30 4:15 p.m. · 17 views

CVE-2023-24817

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

7.5 CVSS · 7.3 AI score · 0.00635 EPSS
Exploits 0 · References 2
Cvelist
added 2023/05/30 3:50 p.m. · 20 views

CVE-2023-24817 RIOT-OS vulnerable to Out of Bounds write in routing with SRH

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

7.5 CVSS · 7.5 AI score · 0.00635 EPSS
Exploits 0 · References 2
CVE
added 2023/05/30 3:50 p.m. · 55 views

CVE-2023-24817

CVE-2023-24817 affects RIOT-OS, specifically the 6LoWPAN processing in its network stack. A crafted 6LoWPAN frame sent to affected devices prior to version 2023.04 can trigger an integer underflow and out-of-bounds access in the packet buffer, potentially corrupting other packets or allocator met...

7.5 CVSS · 7.3 AI score · 0.00635 EPSS
Exploits 0 · References 2 · Affected Software 1
Tenable Nessus
added 2023/05/30 12:0 a.m. · 21 views

Ubuntu 16.04 ESM : Jhead vulnerability (USN-6113-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6113-1 advisory. It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash...

5.5 CVSS · 6.3 AI score · 0.01138 EPSS
Exploits 0 · References 2
CNNVD
added 2023/05/30 12:0 a.m. · 2 views

RIOT RIOT-OS Numeric Error Vulnerability

RIOT RIOT-OS is a set of operating systems for applications in the Internet of Things (IoT) space. A security vulnerability exists in RIOT RIOT-OS versions prior to 2023.04 that stems from integer underflow and out-of-bounds access in packet buffers, which can be exploited by an attacker to conduct...

7.5 CVSS · 7.3 AI score · 0.00635 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-19798 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2023.04 Description: The issue affects the network stack of RIOT-OS, specifically in the processing of 6LoWPAN frames. An attacker can send a crafted frame, resulting in an integer underflow and out of bounds access ...

7.5 CVSS · 7.6 AI score · 0.00635 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/05/26 12:0 a.m. · 45 views

Oracle Linux 7 : istio (ELSA-2023-12355)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12355 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

8.8 CVSS · 7.5 AI score · 0.01219 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2023/05/26 12:0 a.m. · 39 views

Oracle Linux 7 : istio (ELSA-2023-12357)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12357 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

8.8 CVSS · 7.5 AI score · 0.01219 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2023/05/26 12:0 a.m. · 41 views

Oracle Linux 8 : istio (ELSA-2023-12354)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12354 advisory. - CVE-2022-27496 - CVE-2022-27488 - CVE-2022-27493 - CVE-2022-27492 - CVE-2022-27491 - CVE-2022-27487 Tenable has extracted the preceding description...

8.8 CVSS · 7.5 AI score · 0.01219 EPSS
Exploits 0 · References 7