1907 matches found
GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd
Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...
expat: Integer overflow in storeRawNames()
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution...
Filling all auction slots to win the auction
Lines of code Vulnerability details Vulnerability details Description The number of bids for one auction is limited to 1000. It means that someone may make all 1000 bids and thus invalidate all other bids. Therefore, a malicious user can win the auction with the minimum possible bid. It may seem...
PT-2022-28261 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: ckb version 0.101.2 Description: The issue arises when the max cycles is insufficient, causing ScriptError::ExceededMaximumCycles to be raised directly instead of suspending as expected. This occurs randomly due to the random execution order ...
UBUNTU-CVE-2022-42314
Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
Xenstore: Guests can crash xenstored
ISSUE DESCRIPTION Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the...
PT-2022-7321 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service DoS of xenstored. Malicious guests can cause xenstored to allocate large...
PT-2022-7331 · Xen +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue is related to uncontrolled resource allocation in the Xenstore storage of the Xen hypervisor. Exploitation can lead to a denial of service DoS of xenstored. Malicious guests can...
Arbitrary user can prevent withdrawals on any users through liquidation
Lines of code Vulnerability details Impact The function liquidate is a public function that handles the repayment of debt and provides a reward for users who call this function. Any user can be liquidated if they have debt outstanding. A user incurs debt if they borrow from the market, based on a...
DEBIAN-CVE-2022-3616
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
UBUNTU-CVE-2022-3616
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
CVE-2022-3616 OctoRPKI crash when maximum iterations number is reached
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
PT-2022-23238 · Octorpki +1 · Octorpki +1
Name of the Vulnerable Software and Affected Versions: OctoRPKI versions prior to 1.4.4 Description: Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter, causing the program to crash and preventing it from finishing the validation, resulting ...
expat: Integer overflow in storeRawNames()
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution...
The requestRandomSeed() function can be manipulated
Lines of code Vulnerability details Impact The task of the requestRandomSeed function works in ArtGobblers.sol for Request a new random seed from ChainlinkV1. There is a working rule: Can only be called every 24 hours at the earliest To make the requestRandomSeed function run every 24 hours; The...
PT-2022-7366 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible overflow in the amu fie setup function. The cpufreq get hw max freq function returns the maximum frequency in kHz as an unsigned int, while the freq...
Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid
Lines of code Vulnerability details Description AuctionCrowdfund's bid allows any user to compete on an auction on the party's behalf. The code in bid forbids placing a bid if party is already winning the auction: if market.getCurrentHighestBidderauctionId == addressthis revert...
GHSA-4W68-4X85-MJJ9 TensorFlow vulnerable to segfault in `QuantizedAvgPool`
Impact If QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "SAME" input = tf.constant1, shape=1,4,4,2,...
PT-2022-23069 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when QuantizedInstanceNorm is given x min or x max tensors of ...
GHSA-MP5P-G2JV-R8QW rdiffweb contains Weak Password Requirements
rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths...