UBUNTU-CVE-2024-53984

Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...

Exploit for CVE-2023-32428

CVE-2023...

CLSA-2024-1730374841 Update of orc

Backport orcmalloc and orcrealloc...

The vulnerability of the __libc_malloc component in the Virtuoso-opensource web application development platform allows a attacker to cause a service failure.

The vulnerability of the libcmalloc component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to cause service failures using specially created SQL...

PT-2024-24236 · Unknown · Goahead Web Server

Name of the Vulnerable Software and Affected Versions: GoAhead Web Server versions up to 6.0.0 Description: Multiple NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server when compiled with the ME GOAHEAD REPLACE MALLOC flag. Without a memory notifier for allocation failures,...

CVE-2024-45402

CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...

CURL-CVE-2024-6197 freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

CVE-2024-40918

In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more...

DEBIAN-CVE-2024-40918

In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more...

CVE-2024-40918 parisc: Try to fix random segmentation faults in package builds

In the Linux kernel, the following vulnerability has been resolved: parisc: Try to fix random segmentation faults in package builds PA-RISC systems with PA8800 and PA8900 processors have had problems with random segmentation faults for many years. Systems with earlier processors are much more...

CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-23916)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23916 advisory. - An allocation of resources without limits or throttling vulnerability exis...

CBL Mariner 2.0 Security Update: libtar (CVE-2021-33644)

The version of libtar installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-33644 advisory. - An attacker who submits a crafted tar file with size in header struct being 0 May be able to trigger an...

Medium: uriparser

Issue Overview: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. CVE-2024-34402 An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an...

DEBIAN-CVE-2024-32622

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FLarrmalloc in H5FL.c called from H5Ssetextentsimple in H5S.c...

AZL-40543 CVE-2024-32622 affecting package hdf5 for versions less than 1.14.4.3-1

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FLarrmalloc in H5FL.c called from H5Ssetextentsimple in H5S.c...

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).

...

UBUNTU-CVE-2024-34403

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string...

FFmpeg buffer overflow vulnerability (CNVD-2024-29679)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version v.n6.1-3-g466799d4f5, which can be exploited by an attacker to execute arbitrary code via the avmalloc function in the...

Buffer Overflow

XPDF is vulnerable to a Buffer Overflow vulnerability. The vulnerability is due to an attacker being able to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. However, the vendor states that it's an expected abort on out-of-memory error...