1163 matches found
DEBIAN-CVE-2017-9229
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer...
ALPINE-CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer...
CVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer...
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privilege...
CVE-2015-8270
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash)...
DEBIAN-CVE-2015-8270
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash)...
Null pointer dereference
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash)...
CVE-2015-8270
CVE-2015-8270 affects RTMPDump 2.4, where the AMF3ReadString function in amf.c can trigger an invalid pointer dereference, causing remote DoS (process crash) when processing crafted RTMP streams. Public advisories confirm the vulnerability and provide fixes: Debian DSA-3850-1 notes kernel-level f...
389-ds-base: Remote crash via crafted LDAP messages
An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...
Scientific Linux Security Update : 389-ds-base on SL6.x i386/x86_64 (20170411)
Security Fixes : - An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668 Bug Fixes : -...
389 security update
CentOS Errata and Security Advisory CESA-2017:0893 An update for 389-ds-base is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
shopify-scripts: Invalid Pointer reference in L_RESCUE
@ssarong reported an input that triggers an out-of-bounds read: https://github.com/mruby/mruby/issues/3603 This issue was addressed upstream in https://github.com/mruby/mruby/commit/761493934e19d1a6edea53e9fbdb39eb78ef898e...
shopify-scripts: Invalid pointer dereference in OP_ENTER
PoC === The following demonstrates a mruby/sandbox crash: def method_missing end send...
shopify-scripts: Use-after-free leading to an invalid pointer dereference
PoC === The following code demonstrates a crash: class A rescue Struct.new.new.to_h end end Discussion ========== mruby crashes due to an invalid pointer dereference in vm.c:1692: 1689│ L_RESCUE: 1690│ if (ci->ridx == 0) goto L_STOP; 1691│ proc = ci->proc; 1692├ irep = proc->body.irep; (gdb) print ci->proc ...