SUSE CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

UBUNTU-CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

EulerOS 2.0 SP10 : samba (EulerOS-SA-2023-1399)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and...

Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2023-1324)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : autotrace, autotrace-devel (ALAS-2023-1929)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1929 advisory. Heap-based buffer overflow in the pstoeditsuffixtableinit function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service out-of-bounds write via a crafted...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the validateprotocol function in extensions/autolink.c, which exposes malloc metadata. NOTE: The maintainers believe this is harmless. PoC sh echo "to:[email protected]" | ./src/cmark-gfm -e autolink Remediation...

cmark-gfm 缓冲区错误漏洞

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version with canonical Markdown syntax. A buffer error vulnerability exists in versions prior to cmark-gfm 0.29.0.gfm.7. An attacker can use this vulnerability to read out of bounds to access "malloc"...

CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

Memory corruption

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

CVE-2021-33641

When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory use after free...

CVE-2021-33641

CVE-2021-33641 is a vulnerability in byacc where, during file processing, malloc stores the current line data and, while handling comments, accesses released memory (use-after-free). Multiple connected advisories (EulerOS, Red Hat, Amazon Linux 2023) cite this issue along with CVE-2021-33642, whi...

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

CVE-2023-22551

The FTP aka "Implementation of a simple FTP client and server" project through 96c1a35 allows remote attackers to cause a denial of service memory consumption by engaging in client activity, such as establishing and then terminating a connection. This occurs because malloc is used but free is not...

CVE-2023-22551

CVE-2023-22551 affects the FTP project ("Implementation of a simple FTP client and server") up to commit 96c1a35. The issue is a memory-DoS caused by using malloc without a corresponding free during client activity (e.g., establishing and terminating a connection). Impact is denial of service thr...

AddressSanitizer: heap-buffer-overflow in alloc.c 246:11

Description ================================================================= ==19339==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000001015 at pc 0x0000004872d8 bp 0x7ffdef721150 sp 0x7ffdef720910 WRITE of size 2 at 0x606000001015 thread T0 Detaching after fork from child proce...

Buffer Overflow

samba is vulnerable to buffer overflow. The vulnerability exists within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal because GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet causing an application cras...

EulerOS 2.0 SP5 : libtar (EulerOS-SA-2022-2713)

According to the versions of the libtar package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc0 for a variable...

CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

Heimdal GSSAPI 安全漏洞

Heimdal GSSAPI is the General Security Service Application Program Interface for Heimdal Individual Developers. A security vulnerability exists in Heimdal GSSAPI that stems from a possible buffer overflow on malloc allocated memory by the DES and 3-DES decoding methods...