27 matches found
CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
Possible New Result in Quantum Factorization
I'm skeptical about--and not qualified to review--this new result in factorization with a quantum computer, but if it's true it's a theoretical improvement in the speed of factoring large numbers with a quantum computer...
CVE-2023-53513
The CVE-2023-53513 issue is a Linux kernel vulnerability where incomplete validation of the nbd ioctl arg can trigger an i_size overflow when the arg is coerced to int (arg cast in nbd_ioctl /nbd_add_socket). The root cause is insufficient validation of large ioctl arguments, allowing an overflow...
libtasn1 安全漏洞
libtasn1 is a small ASN.1 library open-sourced by gnutls. A security vulnerability exists in libtasn1 that stems from taking much longer than expected to process a large number of elements in a certificate, which could cause the system to slow down or even crash...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...
Denial Of Service (DoS)
johnzon-mapper is vulnerable to Denial Of Service DoS. The vulnerability exists because it does not validate JSON user input for large numbers, which allows an attacker to inject a large number which will then be parsed by BigDecimal, resulting in Denial of Service...
CVE-2023-33008 Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...
PT-2023-4628 · Apache · Apache Johnzon
Name of the Vulnerable Software and Affected Versions: Apache Johnzon versions 1.2.0 through 1.2.20 Description: A malicious attacker can craft JSON input that uses large numbers, such as 1e20000000, which Apache Johnzon will deserialize into BigDecimal. This may result in a slow conversion, posi...
PT-2022-26115 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: The issue arises when a numpy array is created with a shape such that one element is zero and the others sum to a large...
GitLab Denial of Service Vulnerability (CNVD-2022-25197)
GitLab is an open source, end-to-end software development platform from the U.S. company GitLab, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A denial of service vulnerability exists in GitLab CE/EE versions...
GO-2021-0069 Panic during division of very large numbers in math/big
A number of math/big.Int methods can panic when provided large inputs due to a flawed division method...
golang: math/big: panic during recursive division of very large numbers
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...
golang: math/big: panic during recursive division of very large numbers
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...
golang: math/big: panic during recursive division of very large numbers
A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Uninitialized Buffer Allocation
utile is vulnerable to uninitialized buffer allocation. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...
Do’s and Don’ts of Capacity Estimation for Database Monitoring Tools
When deploying a database monitoring tool, one of the first things you need to do is to determine the size of your deployment. So, where do you start? In a previous blog post I described the various aspects that can have an impact on the capacity requirements needed for a database monitoring...