CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

FreeBSD : cURL -- Multiple vulnerabilities (ae5722a6-f5f0-11ec-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ae5722a6-f5f0-11ec-856e-d4c9ef517024 advisory. - When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation...

Out-of-bounds write in function vim_regsub_both

Description Out-of-bounds write in function vimregsubboth at regexp.c:1973 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

Integer overflow

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer...

CVE-2022-27114

There is a vulnerability in htmldoc 1.9.16. In imageloadjpeg function image.cxx when it calls malloc,'img-width' and 'img-height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer...

CVE-2021-27435

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in mallocwrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVE-2021-27419

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

DEBIAN-CVE-2021-27419

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

CVE-2021-27421

CVE-2021-27421 affects NXP MCUXpresso SDK versions prior to 2.8.2. The root cause is an integer overflow in the SDK_Malloc function, which can allow memory accesses outside the bounds of a specified array, leading to behavior such as segmentation faults when allocating memory from the heap via ma...

CVE-2021-27419

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...

Heap-based Buffer Overflow in function cmdline_erase_chars

Description Heap-based Buffer Overflow in function cmdlineerasechars at exgetln.c:1085 POC ./vim -u NONE -X -Z -e -s -S ./poch1.dat -c :qa! ================================================================= ==3840814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000087f at pc...

Mageia: Security Advisory (MGASA-2014-0314)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-23967

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15679. Reason: This candidate is a duplicate of CVE-2019-15679. Notes: All CVE users should reference CVE-2019-15679 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2021-34405

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEEMalloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service...

Heap-based Buffer Overflow in vim/vim

Description Heap-buffer-overflow in vim Proof of Concept ./vim -u NONE -X -Z -e -s -S poc3 -c :qa! POC3 is here. Bt ==728741==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000025500 at pc 0x0000008961b2 bp 0x7ffca76ad0b0 sp 0x7ffca76ad0a8 READ of size 1 at 0x621000025500 thread T0...

CLSA-2022-1641904053 Fix of 14 CVEs

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

CLSA-2021-1640790635 Fixed 14 CVEs in binutils

CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...

The vulnerability in the implementation of the mm_malloc() function in the Mongoose OS operating system allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the mmmalloc function implementation in the Mongoose OS operating system is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

Integer Overflow

autotrace is vulnerable integer overflows. A biWidthbiBitCnt integer overflow in input-bmp.c allows attackers to provide an unexpected input value to malloc via a malformed bitmap image resulting in a system hang...

autotrace: integer overflow in input-bmp.c

A biWidthbiBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image...