321 matches found
The string component in the GNU C Library (aka glibc or libc6) through 2.28 when running on the x32 architecture incorrectly attempts to use a 64-bit register for size_t in assembly codes which can lead to a segmentation fault or possibly unspecified other impact as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
USN-4416-1: GNU C Library vulnerabilities
Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-121...
USN-4416-1 glibc vulnerabilities
Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-121...
CVE-2020-13111
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing t...
CVE-2020-13111
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing t...
CVE-2020-13111
NaviServer 4.99.4–4.99.19 is affected by a denial-of-service in the nsd/driver.c ChunkedDecode function, caused by improper validation of chunk length. A remote attacker can craft a chunked-transfer request that passes a negative size to memmove, crashing the process. The issue is documented acro...
rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter in this case, a space or a colon but fails to account for strings that do not satisfy this...
LEADTOOLS CMP-parsing code execution vulnerability
Summary An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...
CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter in this case, a space or a colon but fails to account for strings that do not satisfy this...
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
UBUNTU-CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
PYSEC-2019-238
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
UBUNTU-CVE-2019-16226
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
CVE-2019-16226
An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
CVE-2019-16226
CVE-2019-16226 affects py-lmdb 0.97. The vulnerability arises in the mdb_node_del function, which does not validate a memmove when encountering an unexpected node->mn_hi, leading to an invalid write operation. This is described as occurring when accessing a data.mdb file supplied by an attacke...
py39-lmdb -- multiple vulnerabilities
TeamSeri0us reports: An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. An issue was discovered i...
shopify-scripts: Invalid read in `str_replace_partial`
PoC === The attached POC shows an invalid read. Debug info ========== The issue happens when memmove is called inside strreplacepartial. valgrind report: 0==27051== Invalid read of size 1 ==27051== at 0x483FA10: memmove vgreplacestrmem.c:1270 ==27051== by 0x135D60: strreplacepartial string.c:1193...
CVE-2017-10720
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installe...