Lucene search
K

109 matches found

NVD
NVD
added 2024/04/03 10:15 p.m.27 views

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

4.4CVSS4.6AI score0.00487EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/03 9:13 p.m.34 views

CVE-2024-2689 Denial of Service if invalid UTF-8 sent

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

4.4CVSS4.9AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 2024/04/03 9:13 p.m.70 views

CVE-2024-2689

Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...

4.4CVSS4.5AI score0.00487EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/01/17 8:31 p.m.16 views

ferris-says has undefined behavior when not using UTF-8

Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

7AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/22 10:21 p.m.16 views

`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

6.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/22 10:21 p.m.12 views

GHSA-255R-3PRX-MF99 `rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

7AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/22 10:2 p.m.7 views

CVE-2023-26302 markdown-it-py CLI crash on invalid UTF-8 characters

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

3.3CVSS5.5AI score0.00225EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-3917

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service crash via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the...

7.8CVSS6.9AI score0.02105EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0211

The slapmodrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smrnormalize function, which allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a modrdn call with an RDN string containing...

9.8CVSS9.5AI score0.29238EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:43 a.m.6 views

SUSE CVE-2012-5621

lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service crash via an OPAL connection with a party name that contains invalid UTF-8 strings...

5CVSS6.4AI score0.02775EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0252

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

5CVSS6.7AI score0.0287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7653

The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...

5.3CVSS7.5AI score0.01467EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2022/04/26 2:5 p.m.78 views

USN-5389-1: Libcroco vulnerabilities

It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. CVE-2017-7960 It was discovered that Libcroco was incorrectly handling invali...

7.1CVSS7AI score0.12996EPSS
Exploits7
OSV
OSV
added 2022/04/13 12:0 p.m.14 views

RUSTSEC-2022-0092 `rmp-serde` `Raw` and `RawRef` unsound

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

7AI score
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2022/01/19 8:0 a.m.6 views

In LibTomCrypt through 1.18.2 the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

...

9.1CVSS7.2AI score0.03195EPSS
Exploits1
OSV
OSV
added 2021/10/20 9:28 p.m.7 views

MGASA-2021-0481 Updated vim packages fix security vulnerability

CVE-2021-3778: vim: Heap-based Buffer Overflow in utfptr2char Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA=...

8.2CVSS8.6AI score0.01749EPSS
Exploits2References9
OSV
OSV
added 2021/08/25 9:1 p.m.16 views

GHSA-WQXC-QRQ4-W5V4 Update unsound DrainFilter and RString::retain

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

7.5CVSS7.3AI score0.01413EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/08/25 9:1 p.m.28 views

Update unsound DrainFilter and RString::retain

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

7.5CVSS7.3AI score0.01358EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/01/26 6:15 p.m.13 views

Spoofing

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

5CVSS7.5AI score0.01358EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/01/22 9:5 a.m.14 views

CVE-2020-36213

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

7.5AI score0.01358EPSS
Exploits0References1
Rows per page
Query Builder