1404 matches found

NVD
•added 2022/08/10 8:15 p.m.•25 views

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 • EPSS 0.0198
Exploits 1 • References 5
Prion
•added 2022/08/10 8:15 p.m.•24 views

Denial of service

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 5 • AI score 7.5 • EPSS 0.0198
Exploits 1 • References 5 • Affected Software 1
UbuntuCve
•added 2022/08/10 8:15 p.m.•54 views

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 • AI score 6.8 • EPSS 0.0198
Exploits 1 • References 5
OSV
•added 2022/08/10 8:15 p.m.•4 views

UBUNTU-CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 • AI score 6.7 • EPSS 0.0198
Exploits 1 • References 6
Cvelist
•added 2022/08/09 8:17 p.m.•19 views

CVE-2022-32189 Panic when decoding Float and Rat types in math/big

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

AI score 7.8 • EPSS 0.0198
Exploits 1 • References 5
CVE
•added 2022/08/09 8:17 p.m.•403 views

CVE-2022-32189

CVE-2022-32189 affects Go's math/big: decoding big.Float and big.Rat can panic if the encoded message is too short, potentially causing a denial of service. The Initial Description cites vulnerable versions as Go before 1.17.13 and 1.18.5. Connected advisories (ALMA/ALAS) indicate fixes are distr...

CVSS 7.5 • AI score 7.2 • EPSS 0.0198
Exploits 1 • References 5 • Affected Software 1
AlpineLinux
•added 2022/08/09 8:17 p.m.•59 views

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 • AI score 7.4 • EPSS 0.0198
Exploits 1
Debian CVE
•added 2022/08/09 8:17 p.m.•91 views

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 • AI score 6.5 • EPSS 0.0198
Exploits 1
OSV
•added 2022/08/01 10:21 p.m.•18 views

GO-2022-0537 Panic when decoding Float and Rat types in math/big

Decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service...

CVSS 7.5 • AI score 7.1 • EPSS 0.0198
Exploits 1 • References 4
Hacker One
•added 2022/08/01 9:28 p.m.•42 views

Ruby on Rails: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)

Intro The Rails HTML sanitizer allows to set certain combinations of tags in its allow list that are not properly handled. Similar to the report 1530898, which identified the combination select and style as vulnerable, my fuzz testing from today suggests that also svg and style as well as math an...

CVSS 5.8 • EPSS 0.00988
Exploits 1
RedHat Linux
•added 2022/08/01 11:33 a.m.•75 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

CVSS 7.8 • AI score 7 • EPSS 0.05292
Exploits 1 • References 23
FreeBSD
•added 2022/07/14 12:0 a.m.•82 views

go -- decoding big.Float and big.Rat can panic

The Go project reports: encoding/gob & math/big: decoding big.Float and big.Rat can panic Decoding big.Float and big.Rat types can panic if the encoded message is too short...

CVSS 7.5 • AI score 6.8 • EPSS 0.0198
Exploits 1 • References 1
BDU FSTEC
•added 2022/06/29 12:0 a.m.•2 views

The vulnerability in the implementation of the SetString() function in the Rat class of the math/big package of the Go programming language allows an attacker to cause a service failure.

The vulnerability in the implementation of the SetString function in the Rat class of the math/big package of the Go programming language involves resource exhaustion. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.8 • AI score 7.4 • EPSS 0.0283
Exploits 0 • References 11 • Affected Software 14
Ubuntu
•added 2022/06/21 3:29 p.m.•69 views

USN-5348-3: Smarty vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

CVSS 9.8 • AI score 7.2 • EPSS 0.82731
Exploits 2
OSV
•added 2022/06/21 3:29 p.m.•4 views

USN-5348-3 smarty3 vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

CVSS 9.8 • AI score 6.9 • EPSS 0.82731
Exploits 2 • References 5
Code423n4
•added 2022/06/19 12:0 a.m.•9 views

routerBalances[msg.sender][_local] can be inflated in repayAavePortal due to underflow in unchecked math

Lines of code Vulnerability details function repayAavePortal address local, uint256 backingAmount, uint256 feeAmount, uint256 maxIn, bytes32 transferId external uint256 totalAmount = backingAmount + feeAmount; // in adopted uint256 routerBalance = s.routerBalancesmsg.senderlocal; // in local //...

AI score 6.6
Exploits 0
Rockylinux
•added 2022/06/16 9:27 a.m.•12 views

glibc bug fix update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries libc, POSIX thread librarie...

AI score 0.7
Exploits 0
RedHat Linux
•added 2022/06/13 12:34 p.m.•2 views

golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system...

CVSS 7.8 • AI score 7.2 • EPSS 0.0283
Exploits 0 • References 5
OpenVAS
•added 2022/06/13 12:0 a.m.•24 views

SUSE: Security Advisory (SUSE-SU-2022:2038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 • AI score 6.9 • EPSS 0.01284
Exploits 0 • References 12
OpenVAS
•added 2022/06/11 12:0 a.m.•22 views

openSUSE: Security Advisory for grub2 (SUSE-SU-2022:2035-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.1 • AI score 7.1 • EPSS 0.01284
Exploits 0 • References 2