292 matches found
CVE-2021-40592
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains a loop with unreachable exit condition ('infinite loop') vulnerability in the ISOBMFF reader filter, isoffin_read.c. Function isoffin_process can result in DoS by infinite loop. To exploit, the victim must...
CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
MGASA-2022-0187 Updated clamav packages fix security vulnerability
Infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions (CVE-2022-20770). Infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior...
SUSE-SU-2022:1644-1 Security update for clamav
This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242). - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246). - CVE-2022-20771: Fixed a possible...
PyPDF2 security vulnerability
PyPDF2 is a free, open-source, pure-Python PDF library. It can split, merge, crop and convert pages in PDF files. PyPDF2 has a security vulnerability that originated in versions prior to 1.27.5, which allows an attacker to create PDFs that will result in an infinite loop in PyPDF2 if the code trie...
The vulnerability of the svx_read_header() function in the audio file reading and writing library libsndfile allows an attacker to cause a denial of service.
The vulnerability of the svx_read_header() function in the audio file reading and writing library libsndfile is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impa...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2022:0851-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0851-1 advisory. - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...
SUSE-SU-2022:14915-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877)...
SUSE-SU-2022:0853-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877)...
CVE-2021-44924
GPAC 1.1.0 contains an infinite loop vulnerability in gf_log that can cause Denial of Service (CVE-2021-44924). Affected component is the gf_log function within GPAC; impact is DoS, with LOCAL/remote possibilities depending on execution context as described in sources. Connected documents confirm...
CVE-2021-45297
GPAC 1.0.1 contains an infinite loop in gf_get_bit_size (CVE-2021-45297). This GPAC multimedia framework issue can cause a denial-of-service condition (partial availability impact per CVSS info). Debian and Gentoo advisories note fixes up to 1.0.1+dfsg1-4+deb11u2; upgrade GPAC to the patched vers...
Security update for tinyxml (low)
openSUSE Security Update: Security update for tinyxml. Announcement ID: openSUSE-SU-2021:1474-1. Rating: low. References: 1191576. Cross-References: CVE-2021-42260. Affected Products: openSUSE Leap 15.2. An update that fixes one vulnerability is now available. Description: This update for tinyxml fixes...
zziplib security update
An update is available for zziplib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zziplib is a lightweight library to easily extract data from zip files...
RLSA-2021:4316 Low: zziplib security update
The zziplib is a lightweight library to easily extract data from zip files. Security Fixes: zziplib: infinite loop via the return value of zzip_file_read as used in unzzip_cat_file (CVE-2020-18442). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
The vulnerability of the software for ensuring high availability and load balancing for TCP and HTTP applications managed by Haproxy arises from the execution of a loop with an unreachable exit condition. This allows an attacker to cause a service failure.
The vulnerability of the software used for ensuring high availability and load balancing for TCP and HTTP applications managed by Haproxy is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater...
OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...