566 matches found
pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...
CVE-2026-25582
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow read vulnerability in CIccIO::WriteUInt16Float when converting malformed XML to ICC profiles via...
CVE-2026-25583
The CVE-2026-25583 issue affects iccDEV, where a heap buffer overflow can occur in CIccFileIO::Read8() when processing malformed ICC profile files due to an unchecked fread. This vulnerability is present in versions prior to 2.3.1.3 and is patched in 2.3.1.3. Red Hat and CVE records corroborate t...
pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...
pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
A flaw was found in pyasn1, a generic ASN.1 library for Python. A remote attacker could exploit this vulnerability by sending a specially crafted RELATIVE-OID with excessive continuation octets. This input validation vulnerability leads to memory exhaustion, resulting in a Denial of Service DoS f...
📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow
This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...
Memory Leak
ImageMagick is vulnerable to a memory leak. The vulnerability is due to improper handling of malformed OpenCL device profile XML files in the LoadOpenCLDeviceBenchmark function, which fails to free allocated string memory when elements are not properly closed, allowing an attacker to trigger memo...
AZL-76212 CVE-2025-69421 affecting package openssl 1.1.1k-38
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
CVE-2026-22795 Missing ASN1_TYPE validation in PKCS#12 parsing
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
Astra Linux – Vulnerability in the 389-DS-base
A denial-of-service vulnerability was discovered in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input...
GHSA-86RF-68F4-2CPH Duplicate Advisory: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2464-8j7c-4cjm. This link is maintained to preserve external references. Original Description A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using...
AZL-75449 CVE-2025-11065 affecting package kubevirt 1.6.3-3
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75410 CVE-2025-11065 affecting package docker-buildx 0.14.0-8
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75564 CVE-2025-11065 affecting package rook 1.6.2-27
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75419 CVE-2025-11065 affecting package gh 2.62.0-10
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-56353
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid filter...
CVE-2021-47827
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
CVE-2021-47827 WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...
CVE-2021-47827
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field,...