12 matches found
CLSA-2026-1779183103 vim: Fix of 6 CVEs
CVE-2021-3903: do not set VALIDBOTLINE in updatetopline when screen is invalid - CVE-2022-1616: tighten appendcommand loop bound + pre-write length check to avoid buffer overflow with composing chars - CVE-2022-2042: initialize attr in spellmoveto and capture emptyline before mlgetbuf invalidates...
CVE-2023-53786
In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line This command will crash with NULL pointer dereference: dmsetup create flakey --table \ "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbiobyte 512" Fix the crash by...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
UBUNTU-CVE-2020-27545
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...
PT-2023-11764 · Libdwarf · Libdwarf
Name of the Vulnerable Software and Affected Versions: libdwarf versions prior to 20201017 Description: The issue is caused by an invalid pointer dereference via an invalid line table in a crafted object, resulting in a one-byte out-of-bounds read. Recommendations: For versions prior to 20201017,...
HTTP Request Smuggling
netty-codec-http is vulnerable to HTTP request smuggling. The library does not detect if a colon is missing when parsing HTTP headers. This allows an attacker to smuggle HTTP requests via an invalid line fold...
tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...
DEBIAN-CVE-2004-0270
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service crash via a uuencoded e-mail message with an invalid line length e.g., a lowercase character, which causes an assert error in clamd that terminates the calling program...
CVE-2004-0270
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service crash via a uuencoded e-mail message with an invalid line length e.g., a lowercase character, which causes an assert error in clamd that terminates the calling program...