
8 matches found

OSV
added 2026/05/12 8:50 a.m. · 7 views

BIT-LIBPHP-2026-7568 Signed integer overflow in metaphone()

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

CVSS 7.5 · AI score 5.8 · EPSS 0.00241
Exploits 0 · References 2
CNNVD
added 2026/04/04 12:0 a.m. · 7 views

One Search security vulnerability

One Search is a quick-start search tool developed by One Search Inc. Version 1.1.0.0 of One Search contains a security vulnerability. This vulnerability arises from the search function’s improper handling of extremely long input strings, which may allow local attackers to cause the application to...

CVSS 6.9 · AI score 5.8 · EPSS 0.00168
Exploits 0 · References 3
Positive Technologies
added 2025/06/10 12:0 a.m. · 7 views

PT-2025-37210

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A buffer overflow issue was identified in the add tuning control function within the ALSA subsystem. The sprintf function call could exceed the allocated buffer size of 44 bytes if the...

CVSS 3.5 · AI score 5.9
Exploits 0
Positive Technologies
added 2024/01/24 12:0 a.m. · 3 views

PT-2024-20220 · Eserver · Ezserver

Name of the Vulnerable Software and Affected Versions: EzServer version 6.4.017. Description: The issue allows a denial of service daemon crash via a long string, such as one for the RNTO command. Recommendations: For EzServer version 6.4.017, consider restricting the length of input strings to...

CVSS 7.5 · AI score 7.5 · EPSS 0.03574
Exploits 1 · References 7
OSV
added 2021/05/10 7:8 p.m. · 29 views

GHSA-PW54-MH39-W3HC Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVSS 7.5 · AI score 8.4 · EPSS 0.0344
Exploits 1 · References 5
BDU FSTEC
added 2016/07/19 12:0 a.m. · 3 views

The vulnerability of the Commons FileUpload library allows a perpetrator to trigger a service failure.

The vulnerability of the MultipartStream class in the Commons FileUpload library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause a service failure resulting in increased computational resources usage through the use of a lo...

CVSS 7.8 · AI score 7.2 · EPSS 0.35927
Exploits 0 · References 13 · Affected Software 3
Amazon
added 2013/12/11 12:0 a.m. · 42 views

Low: coreutils

Issue Overview: It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those utilities by providing long input strings. (CVE-2013-0221, CVE-2013-0222, CVE-2013-0223) Affected Packages: coreutils...

CVSS 4.3 · AI score 5.7 · EPSS 0.07264
Exploits 2 · References 1
OSV
added 2009/05/05 5:30 p.m. · 1 views

DEBIAN-CVE-2009-0148

Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541...

CVSS 9.3 · AI score 8.2 · EPSS 0.06765
Exploits 1 · References 1