
19 matches found

RedHat Linux
added 2025/12/09 6:20 p.m. | 2 views

libwebsockets: Stack-based Buffer Overflow in libwebsockets

A stack based buffer overflow flaw has been discovered in libwebsockets. The vulnerability allows an attacker that can inspect DNS requests made by the victim e.g. being in the same wireless network to forge a DNS response packet that overflows the stack and may lead to arbitrary code execution...

CVSS 7.5 | AI score 6.2 | EPSS 0.00012
Exploits: 0 | References: 6
OSV
added 2025/10/31 2:13 p.m. | 1 views

OESA-2025-2611 libwebsockets security update

Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing modern network protocols easily with a tiny footprint, using a nonblocking event loop. Security Fixes: Use After Free vulnerability exists in the WebSocket server implementation in lws_handshake_server in warmcat...

CVSS 7.5 | AI score 7.1 | EPSS 0.00075
Exploits: 0 | References: 3
EUVD
added 2025/10/20 3:30 p.m. | 1 views

EUVD-2025-35057

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

CVSS 7.5 | AI score 6.6 | EPSS 0.00012
Exploits: 0 | References: 3
RedHat Linux
added 2024/01/10 11:33 a.m. | 1 views

ffr: Out of bounds read in bgpd/bgp_label.c

An out-of-bounds read flaw was found in FRRouting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service...

CVSS 7.5 | AI score 5.7 | EPSS 0.00205
Exploits: 0 | References: 6
SUSE CVE
added 2023/02/15 4:45 a.m. | 3 views

SUSE CVE-2017-9103

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...

CVSS 7.5 | AI score 6.9 | EPSS 0.0067
Exploits: 0 | References: 11
OSV
added 2021/04/22 9:15 p.m. | 2 views

CVE-2020-27736

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions, Nucleus ReadyStart V3 All versio...

CVSS 6.5 | AI score 5.7 | EPSS 0.00827
Exploits: 0 | References: 3
Veracode
added 2020/08/06 9:40 p.m. | 20 views

Remote Code Execution (RCE)

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An...

CVSS 9.8 | AI score 5.6 | EPSS 0.0112
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2020/05/08 12:0 a.m. | 57 views

VLC < 3.0.9 Multiple Vulnerabilities

The version of VLC media player installed on the remote Windows host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities: - An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing...

CVSS 9.8 | AI score 8.9 | EPSS 0.01303
Exploits: 7 | References: 8
CNVD
added 2020/03/25 12:0 a.m. | 1 views

Videolabs libmicrodns Resource Management Error Vulnerability

Videolabs libmicrodns is a cross-platform mDNS (multicast DNS) resolver from Videolabs Labs in France. A security vulnerability in the label parsing feature in Videolabs libmicrodns version 0.1.0 stems from the program failing to check the return value of the 'rr_decode' function when parsing...

CVSS 9.8 | AI score 7.4 | EPSS 0.0112
Exploits: 1 | References: 1
OSV
added 2020/03/24 9:15 p.m. | 28 views

CVE-2020-6072

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 3
Prion
added 2020/03/24 9:15 p.m. | 20 views

Double free

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...

CVSS 7.5 | AI score 9.6 | EPSS 0.0112
Exploits: 1 | References: 3 | Affected Software: 2
OSV
added 2020/03/24 9:15 p.m. | 0 views

UBUNTU-CVE-2020-6072

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...

CVSS 9.8 | AI score 7.8 | EPSS 0.0112
Exploits: 1 | References: 4
Debian CVE
added 2020/03/24 8:43 p.m. | 21 views

CVE-2020-6072

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...

CVSS 9.8 | AI score 9.8 | EPSS 0.0112
Exploits: 1
AlpineLinux
added 2020/03/24 8:43 p.m. | 42 views

CVE-2020-6072

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. A...

CVSS 9.8 | AI score 8.3 | EPSS 0.0112
Exploits: 1
Talos
added 2020/03/23 12:0 a.m. | 43 views

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability

Summary: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...

CVSS 9.8 | AI score 8.2 | EPSS 0.0112
Exploits: 1
CNVD
added 2019/12/12 12:0 a.m. | 1 views

LEAD Technologies LEADTOOLS Heap Out-of-Bounds Write Vulnerability

LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A heap out-of-bounds write vulnerability exists in the UI label parsing functionality of the DICOM image format in LEADTOOLS 20.0.2019.3.15, which can be exploited by an attacker to achieve code execution v...

CVSS 8.8 | AI score 7.8 | EPSS 0.00539
Exploits: 0 | References: 1
CNVD
added 2017/09/14 12:0 a.m. | 3 views

LibOFX Buffer Overflow Vulnerability

LibOFX is a library that allows programs to support OFX financial data bi-directional exchange command responses. A buffer overflow vulnerability exists in the label parsing feature in LibOFX version 0.9.11. An attacker can exploit this vulnerability to execute code or cause a denial of service...

CVSS 8.8 | AI score 7.7 | EPSS 0.00747
Exploits: 1 | References: 1
RedHat Linux
added 2010/01/14 4:32 p.m. | 3 views

OpenJDK: Signed applet remote misuse possibility (6782871)

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

CVSS 4.3 | AI score 6.1 | EPSS 0.03473
Exploits: 0 | References: 4
RedHat Linux
added 2009/05/18 8:28 p.m. | 1 views

OpenJDK: Signed applet remote misuse possibility (6782871)

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

CVSS 4.3 | AI score 6.1 | EPSS 0.03473
Exploits: 0 | References: 4