137 matches found
CVE-2018-11820
Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
CVE-2018-11820
CVE-2018-11820 concerns a side-channel leak caused by using a non-time-constant memcmp function in Qualcomm/Snapdragon components. Affected platforms include Snapdragon Auto/Compute/Connectivity, Snapdragon IoT lines and many SDM/SD/SDM variants (e.g., IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640,...
CVE-2018-11820
Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
Code injection
Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
Code injection
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
UBUNTU-CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
CVE-2019-7309
CVE-2019-7309 affects the GNU C Library (glibc) memcmp on x32 where the RDX MSB is mishandled, causing memcmp to incorrectly return 0 (inputs equal) through glibc 2.29. The IBM bulletin for IBM Robotic Process Automation for Cloud Pak lists CVE-2019-7309 among vulnerabilities and instructs updati...
CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
CVE-2019-7309
In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled...
CVE-2018-5913
A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile...
Code injection
It was found that xorg-x11-server before 1.19.0 including uses memcmp to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp implementations return after an invalid byte is seen, this causes a ti...
CVE-2017-2624
It was found that xorg-x11-server before 1.19.0 including uses memcmp to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp implementations return after an invalid byte is seen, this causes a ti...
389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances...
389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances...
Creolabs Gravity 'memcmp' function buffer overflow vulnerability
Creolabs Gravity is an open source lightweight embedded programming language from Creolabs, Italy. The language supports procedural programming, object-oriented programming, functional programming and data-driven programming. A buffer overflow vulnerability exists in the 'memcmp' function in...
CVE-2017-1000075
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function...
CVE-2017-1000075
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function...