
160 matches found

OSV
added 2018/10/10 6:57 p.m. · 27 views

GHSA-QHV9-728R-6JQG ReDoS via long string of semicolons in tough-cookie

Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation: Update to version 2.3.0 or later...

5.3 CVSS · 5.4 AI score · 0.00921 EPSS
Exploits 0 · References 10
OSV
added 2018/02/16 4:29 p.m. · 0 views

UBUNTU-CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and...

9.8 CVSS · 6.1 AI score · 0.03118 EPSS
Exploits 0 · References 6
OSV
added 2017/12/27 5:8 p.m. · 1 views

DEBIAN-CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003...

7.5 CVSS · 7 AI score · 0.00782 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2017/12/27 5:8 p.m. · 1 views

CVE-2017-17846

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003...

7.5 CVSS · 5.5 AI score · 0.00782 EPSS
Exploits 0 · References 7
Veracode
added 2017/09/18 6:28 a.m. · 16 views

Regular Expression Denial Of Service (ReDoS)

debug is vulnerable to Regular Expression Denial Of Service (ReDoS). The regular expression used to map %o to util.inspect can take a while for long strings, hanging an application...

5.3 CVSS · 5.4 AI score · 0.00102 EPSS
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2017/08/01 2:5 p.m. · 1 views

glibc: Unbounded stack allocation in nan* functions

A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code...

9.8 CVSS · 7.6 AI score · 0.01513 EPSS
Exploits 2 · References 4
OSV
added 2017/06/07 4:52 p.m. · 0 views

USN-3253-2 nagios3 regression

USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote...

5.8 AI score
Exploits 0 · References 2
OSV
added 2017/04/19 3:59 p.m. · 0 views

UBUNTU-CVE-2017-7963

The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely...

7.5 CVSS · 7.2 AI score · 0.01671 EPSS
Exploits 0 · References 2
Positive Technologies
added 2017/04/19 12:0 a.m. · 1 views

PT-2017-18030 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...

7.5 CVSS · 8.7 AI score · 0.01671 EPSS
Exploits 0 · References 11
Ubuntu
added 2017/04/03 5:42 p.m. · 63 views

USN-3253-1: Nagios vulnerabilities

It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly...

7.8 CVSS · 7.3 AI score · 0.48577 EPSS
Exploits 10
OSV
added 2017/04/03 5:42 p.m. · 0 views

USN-3253-1 nagios3 vulnerabilities

It was discovered that Nagios incorrectly handled certain long strings. A remote authenticated attacker could use this issue to cause Nagios to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2013-7108, CVE-2013-7205) It was discovered that Nagios incorrectly...

7.8 CVSS · 7.1 AI score · 0.48577 EPSS
Exploits 10 · References 5
RedHat Linux
added 2017/03/21 8:36 a.m. · 1 views

glibc: Unbounded stack allocation in nan* functions

A stack overflow vulnerability was found in nan functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code...

9.8 CVSS · 7.6 AI score · 0.01513 EPSS
Exploits 2 · References 4
OSV
added 2014/05/07 10:55 a.m. · 1 views

DEBIAN-CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition...

5.5 CVSS · 7.8 AI score · 0.49911 EPSS
Exploits 7 · References 1
Check Point Advisories
added 2013/12/31 12:0 a.m. · 3 views

Suspicious Javascript Containing Overly Long Strings (CVE-2013-2551)

Javascript may contain variables assigned with overly long strings. This behavior may indicate an exploitation attempt...

9.3 CVSS · 8 AI score · 0.92407 EPSS
Exploits 9
OSV
added 2013/10/09 10:55 p.m. · 1 views

DEBIAN-CVE-2012-4412

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow...

7.5 CVSS · 8.3 AI score · 0.18703 EPSS
Exploits 2 · References 1
UbuntuCve
added 2013/08/22 12:0 a.m. · 26 views

CVE-2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send...

3.5 CVSS · 5.9 AI score · 0.00596 EPSS
Exploits 2 · References 6
RedHat Linux
added 2011/03/21 7:38 p.m. · 2 views

Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements...

4.3 CVSS · 5.9 AI score · 0.0188 EPSS
Exploits 1 · References 4
NVD
added 2010/05/20 5:30 p.m. · 19 views

CVE-2010-1986

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

5 CVSS · 6.6 AI score · 0.01368 EPSS
Exploits 2 · References 6
ATTACKERKB
added 2010/05/20 5:30 p.m. · 2 views

CVE-2010-1986

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

10 CVSS · 5.7 AI score · 0.07108 EPSS
Exploits 4 · References 7
NVD
added 2010/03/29 7:30 p.m. · 14 views

CVE-2010-1176

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...

9.3 CVSS · 7.8 AI score · 0.11735 EPSS
Exploits 10 · References 3