EulerOS 2.0 SP9 : byacc (EulerOS-SA-2023-1436)

According to the versions of the byacc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use...

Rocky Linux 8 : curl (RLSA-2023:1140)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1140 advisory. - An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the chained HTTP compression algorithms, meaning that a...

Debian: Security Advisory (DLA-711-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (DoS)

sox is vulnerable to Denial Of Service DoS. The vulnerability exists due to the null pointer dereference in the lsxreadbuf function of formatsi.c when there is an integer overflow on the result of integer addition wraparound to 0 fed into the lsxcalloc macro that wraps malloc, allowing an attacke...

Debian dla-3341 : curl - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3341 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3341-1 [email protected] https://www.debian.org/lts/security/...

AZL-13658 CVE-2023-23916 affecting package rust for versions less than 1.72.0-2

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

Design/Logic Flaw

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

CVE-2023-23916

CVE-2023-23916 involves curl before 7.88.0 where an attacker could abuse the chained HTTP compression chain to create a degenerate decompression path. Although the cap on the number of links is per header, a malicious server can inject many headers to form an effectively unlimited decompression c...

K11274054: GNU C Library vulnerability CVE-2018-6551

Security Advisory Description The malloc implementation in the GNU C Library aka glibc or libc6, from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZEMAX and could return a pointer to a heap region that is smaller...

K16366: GNU C Library (glibc) vulnerability CVE-2015-1472

Security Advisory Description stdio-common/vfscanf.c has an ADDW macro that tries to determine whether to use malloc or alloca for allocations. But in the malloc case, it only allocates newsize bytes instead of the required newsize sizeof CHART. Thus the allocated buffer gets overrun in the...

K13288506: Wget vulnerability CVE-2017-13090

Security Advisory Description The retr.c:fdreadbody function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

UBUNTU-CVE-2022-45587

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service...

CURL-CVE-2023-23916 HTTP multi-header compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a...

SUSE CVE-2009-1255

The processstat function in 1 Memcached before 1.2.8 and 2 MemcacheDB 1.2.0 discloses a the contents of /proc/self/maps in response to a stats maps command and b memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such ...

SUSE CVE-2009-1494

The processstat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port...

SUSE CVE-2012-2677

Integer overflow in the orderedmalloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected...

SUSE CVE-2012-2673

Multiple integer overflows in the 1 GCgenericmalloc and 2 calloc functions in malloc.c, and the 3 GCgenericmallocignoreoffpage function in mallocx.c in Boehm-Demers-Weiser GC libgc before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows...

SUSE CVE-2012-4424

Stack-based buffer overflow in string/strcolll.c in the GNU C Library aka glibc or libc6 2.17 and earlier allows context-dependent attackers to cause a denial of service crash or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function...

SUSE CVE-2013-4332

Multiple integer overflows in malloc/malloc.c in the GNU C Library aka glibc or libc6 2.18 and earlier allow context-dependent attackers to cause a denial of service heap corruption via a large value to the 1 pvalloc, 2 valloc, 3 posixmemalign, 4 memalign, or 5 alignedalloc functions...