1039 matches found

RedHat Linux
added 2023/10/05 2:3 p.m., 7 views

glibc: potential use-after-free in gaih_inet()

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

CVSS 5.9 | AI score 6.7 | EPSS 0.01669
Exploits: 0 | References: 4

RedHat Linux
added 2023/10/05 1:11 p.m., 48 views

Important: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8 | AI score 7.2 | EPSS 0.78607
Exploits: 25 | References: 2

BDU FSTEC
added 2023/10/05 12:0 a.m., 3 views

The vulnerability of the getaddrinfo function in the system library glibc, which allows a hacker to cause a service failure

The vulnerability of the getaddrinfo function in the system library glibc is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 6.5 | AI score 6.6 | EPSS 0.01508
Exploits: 1 | References: 14 | Affected Software: 6

OSV
added 2023/09/22 11:6 a.m., 2 views

OESA-2023-1680 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVSS 7.5 | AI score 6.7 | EPSS 0.01107
Exploits: 0 | References: 2

SUSE CVE
added 2023/09/14 2:9 a.m., 2 views

SUSE CVE-2023-4527

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data...

CVSS 7.5 | AI score 6.4 | EPSS 0.01508
Exploits: 1 | References: 4

SUSE CVE
added 2023/09/05 1:21 a.m., 2 views

SUSE CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

CVSS 7.5 | AI score 6.9 | EPSS 0.01107
Exploits: 0 | References: 3

Debian CVE
added 2023/09/01 12:0 a.m., 31 views

CVE-2023-28366

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

CVSS 7.5 | AI score 7.4 | EPSS 0.01107
Exploits: 0

GithubExploit
added 2023/07/25 1:36 a.m., 733 views

Exploit for Use of Externally-Controlled Format String in Asus Rt-Ac86U_Firmware

CVE-2023-35086-POC July 25 2023, Altin tin-z, github.com/t...

CVSS 7.2 | AI score 9.5 | EPSS 0.39705
Exploits: 1

NVD
added 2023/05/23 12:15 p.m., 18 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 5.3 | EPSS 0.00284
Exploits: 1 | References: 2

OSV
added 2023/05/23 12:15 p.m., 15 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 7
Exploits: 0 | References: 2

OSV
added 2023/05/23 12:15 p.m., 2 views

DEBIAN-CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 5.5 | EPSS 0.00284
Exploits: 1 | References: 1

UbuntuCve
added 2023/05/23 12:15 p.m., 16 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 6.1 | EPSS 0.00284
Exploits: 1 | References: 2

Prion
added 2023/05/23 12:15 p.m., 14 views

Design/Logic Flaw

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 1.9 | AI score 5.4 | EPSS 0.00284
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/05/23 12:15 p.m., 0 views

UBUNTU-CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 3

CVE
added 2023/05/23 12:0 a.m., 45 views

CVE-2023-31669

CVE-2023-31669 affects the WebAssembly toolchain wabt, specifically wat2wasm v1.0.32. The issue arises when an attacker places an @ before a quotation mark, triggering a crash in libc++abi.dylib. Public sources (NVD OSV entries and Fedora advisories) confirm the vulnerable release is wabt 1.0.32 ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00284
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/05/23 12:0 a.m., 10 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

AI score 5.3 | EPSS 0.00284
Exploits: 1 | References: 2

Cvelist
added 2023/05/23 12:0 a.m., 15 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

AI score 5.6 | EPSS 0.00284
Exploits: 1 | References: 2

Debian CVE
added 2023/05/23 12:0 a.m., 15 views

CVE-2023-31669

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote "...

CVSS 5.5 | AI score 5.3 | EPSS 0.00284
Exploits: 1

OSV
added 2023/05/15 3:15 p.m., 1 views

DEBIAN-CVE-2023-31607

An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 7.5 | EPSS 0.00905
Exploits: 1 | References: 1

OSV
added 2023/05/15 3:15 p.m., 3 views

DEBIAN-CVE-2023-31611

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5 | AI score 7.5 | EPSS 0.00905
Exploits: 1 | References: 1