109 matches found
CVE-2024-2689
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689 Denial of Service if invalid UTF-8 sent
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689
Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...
ferris-says has undefined behavior when not using UTF-8
Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...
GHSA-255R-3PRX-MF99 `rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...
CVE-2023-26302 markdown-it-py CLI crash on invalid UTF-8 characters
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...
SUSE CVE-2007-3917
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service crash via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the...
SUSE CVE-2010-0211
The slapmodrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smrnormalize function, which allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a modrdn call with an RDN string containing...
SUSE CVE-2012-5621
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service crash via an OPAL connection with a party name that contains invalid UTF-8 strings...
SUSE CVE-2013-0252
boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...
SUSE CVE-2017-7653
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...
USN-5389-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...
RUSTSEC-2022-0092 `rmp-serde` `Raw` and `RawRef` unsound
It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...
In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
...
MGASA-2021-0481 Updated vim packages fix security vulnerability
CVE-2021-3778: vim: Heap-based Buffer Overflow in utfptr2char Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA=...
GHSA-WQXC-QRQ4-W5V4 Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
Spoofing
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
CVE-2020-36213
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...