
38 matches found

OSV
added 2026/05/07 8:6 a.m., 3 views

CLSA-2026-1778132770 unzip: Fix of 2 CVEs

CVE-2022-0529: fix heap-based buffer overflow in wide_to_local_string - CVE-2022-0530: fix null pointer dereference on invalid UTF-8 input...

CVSS 5.5, AI score 6, EPSS 0.00242
Exploits 2, References 1

OSV
added 2026/01/26 8:16 p.m., 0 views

UBUNTU-CVE-2026-0810

A flaw was found in gix-date. The gix_date::parse::TimeBuf::as_str function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the TimeBuf component, leading to undefined behavior when these malformed strings are subsequently processed...

CVSS 7.1, AI score 5.8, EPSS 0.00007
Exploits 1, References 4

CNNVD
added 2026/01/26 12:0 a.m., 1 views

GitOxide security vulnerabilities

GitOxide is a Git implementation written in Rust by Sebastian Thiel as a personal project. There is a security vulnerability in gix-date; this vulnerability stems from the as_str function potentially generating invalid non-UTF-8 strings, which may lead to unstable applications...

CVSS 7.1, AI score 5.8, EPSS 0.00007
Exploits 1, References 5

NVD
added 2026/01/20 4:16 p.m., 2 views

CVE-2025-56353

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...

CVSS 7.5, EPSS 0.00162
Exploits 1, References 1

GitHub Security Blog
added 2026/01/05 7:43 p.m., 4 views

gix-date can create non-utf8 string with `TimeBuf::as_str`

The function gix_date::parse::TimeBuf::as_str can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string. The bug can be prevented by adding str::from_utf8 to the function TimeBuf::write...

CVSS 7.1, AI score 7.3, EPSS 0.00007
Exploits 1, References 8, Affected Software 1

Tenable Nessus
added 2025/08/25 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2017-7653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject...

CVSS 5.3, AI score 6.3, EPSS 0.0093
Exploits 0, References 2

RedhatCVE
added 2025/05/22 4:52 p.m., 10 views

CVE-2020-8929

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

CVSS 5.3, AI score 6.6, EPSS 0.00081
Exploits 0, References 1

OSV
added 2025/05/09 5:15 a.m., 0 views

CVE-2025-47736

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8...

CVSS 2.9, AI score 5.8
Exploits 0, References 4

SUSE CVE
added 2025/05/08 11:50 a.m., 1 views

SUSE CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

CVSS 2.9, AI score 7, EPSS 0.00086
Exploits 0, References 3

CNNVD
added 2023/02/22 12:0 a.m., 1 views

markdown-it-py security vulnerability

markdown-it-py is a Markdown parser open-sourced by Executable Books. A security vulnerability exists in markdown-it-py versions prior to v2.2.0, which stems from a denial of service that may result if an attacker is allowed to use invalid UTF-8 characters as input...

CVSS 5.5, AI score 5.7, EPSS 0.00148
Exploits 0, References 2

SUSE CVE
added 2023/02/15 4:59 a.m., 1 views

SUSE CVE-2016-6855

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup...

CVSS 7.5, AI score 6.9, EPSS 0.03424
Exploits 4, References 4

Tenable Nessus
added 2022/10/11 12:0 a.m., 25 views

Ubuntu 16.04 ESM : PCRE vulnerabilities (USN-5665-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5665-1 advisory. It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to...

CVSS 7.5, AI score 7.5, EPSS 0.07102
Exploits 0, References 3

CNNVD
added 2021/01/26 12:0 a.m., 2 views

Rust security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability existed in Rust prior to version 0.9.1. The vulnerability stems from the possibility that program reserved calls could create invalid UTF-8 strings, thereby violating soundness. No detai...

CVSS 7.5, AI score 7.1, EPSS 0.00389
Exploits 0, References 2

CNVD
added 2020/10/20 12:0 a.m., 2 views

Google Tink Data Forgery Issue Vulnerability

Tink is a multi-language, cross-platform development library from Google (United States) that provides an encryption API. A security vulnerability exists in versions of Tink prior to 1.5, which stems from incorrect handling of invalid unicode characters and can be exploited by an attacker to...

CVSS 5.3, AI score 6.8, EPSS 0.00081
Exploits 0, References 1

OSV
added 2020/10/19 1:15 p.m., 25 views

CVE-2020-8929

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

CVSS 5.3, AI score 5.2
Exploits 0, References 2

RedHat Linux
added 2020/04/06 9:2 a.m., 2 views

Django: Potential memory exhaustion in django.utils.encoding.uri_to_iri()

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when re-percent-encoding invalid UTF-8 octet sequences...

CVSS 7.5, AI score 7.4, EPSS 0.06773
Exploits 0, References 5

OSV
added 2020/04/03 9:48 p.m., 0 views

GHSA-6CHW-6FRG-F759 Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /[x-\ud800]/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

CVSS 7.5, AI score 5.9
Exploits 0, References 4

OpenVAS
added 2020/01/23 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-1098)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 6.7, EPSS 0.07102
Exploits 0, References 2

OpenVAS
added 2020/01/23 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-1931)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 6.7, EPSS 0.07102
Exploits 0, References 2

OSV
added 2019/08/02 3:15 p.m., 0 views

PYSEC-2019-14

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when re-percent-encoding invalid UTF-8 octet sequences...

CVSS 7.5, AI score 6.8, EPSS 0.06773
Exploits 0, References 11