Lucene search

1889 matches found

CVE
added 2024/11/25 1:8 p.m. | 83 views

CVE-2024-11498

CVE-2024-11498 affects the libjxl (JPEG XL) library. A crafted file can trigger a stack-based overflow, causing the decoder to allocate large stack space (up to 256–512 MB) and potentially exhaust stack memory, leading to denial of service. Multiple advisories and deployable updates reference thi...

CVSS 7.5 | AI score 6.9 | EPSS 0.00607
Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux
added 2024/11/25 1:8 p.m. | 18 views

CVE-2024-11498

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend...

CVSS 7.5 | AI score 7.4 | EPSS 0.00607
Exploits: 0
Citrix
added 2024/11/25 12:0 a.m. | 13 views

Duplicate or Excessive Data in the Site Database May Cause Delivery Controller Performance Issues

The Citrix Broker Service experiences memory usage spikes, with memory consumption increasing significantly over a short period. This may lead to degraded performance or instability on the Delivery Controller. Affected Environments: CVAD environments with manually provisioned VDAs or PVS VDAs...

AI score 7.1
Exploits: 0
Github Security Blog
added 2024/11/22 8:40 p.m. | 13 views

smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

Summary: An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...

AI score 7.7
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/11/20 9:38 p.m. | 0 views

GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)

Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

CVSS 8.2 | AI score 5.9 | EPSS 0.00756
Exploits: 1 | References: 7
SUSE CVE
added 2024/11/13 3:49 a.m. | 2 views

SUSE CVE-2024-52532

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients...

CVSS 7.5 | AI score 7 | EPSS 0.00933
Exploits: 0 | References: 16
OSV
added 2024/11/11 8:15 p.m. | 3 views

AZL-53081 CVE-2024-52532 affecting package libsoup for versions less than 3.4.4-2

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients...

CVSS 7.5 | AI score 7.3 | EPSS 0.00933
Exploits: 0 | References: 1
Veeam
added 2024/11/07 12:0 a.m. | 83 views

NATS Server Configuration Advice for Use With Veeam Backup for Microsoft 365

Purpose: This article provides advice for optimizing NATS Server configuration when used in conjunction with Veeam Backup for Microsoft 365. Solution: When Veeam Backup for Microsoft 365 is deployed using the included NATS Server, the system variable 'GOMEMLIMIT' is set to 30% of the total system...

AI score 6.6
Exploits: 0 | Affected Software: 1
F5 Networks
added 2024/11/04 6:21 p.m. | 17 views

K000148381: Node.js vulnerability CVE-2021-22883

Security Advisory Description: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the...

CVSS 7.8 | AI score 6.9 | EPSS 0.77385
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 14 views

ROS-20241023-07

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 16 views

ROS-20241023-02

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 156 views

ROS-20241023-11

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 16 views

ROS-20241023-09

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 152 views

ROS-20241023-08

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/23 12:0 a.m. | 14 views

ROS-20241023-06

Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...

CVSS 4.7 | AI score 7.3 | EPSS 0.00283
Exploits: 0
Redos
added 2024/10/22 12:0 a.m. | 33 views

ROS-20241021-07

Vulnerability of ssh-agent of OpenSSH cryptographic protection tool is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service or execute arbitrary code...

CVSS 7.1 | AI score 7.7 | EPSS 0.03422
Exploits: 1
SUSE CVE
added 2024/10/18 2:52 a.m. | 2 views

SUSE CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVSS 7.5 | AI score 7 | EPSS 0.00705
Exploits: 1 | References: 3
Redos
added 2024/10/18 12:0 a.m. | 16 views

ROS-20241017-09

Vulnerability of the alistadd function of the vim text editor is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary autocommands. Vulnerability of instypebuf function of vim text editor is related to buffer...

CVSS 5.5 | AI score 8.2 | EPSS 0.00349
Exploits: 0
OSV
added 2024/10/16 7:15 p.m. | 2 views

DEBIAN-CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVSS 7.5 | AI score 8.6 | EPSS 0.00705
Exploits: 1 | References: 1
OSV
added 2024/10/16 7:15 p.m. | 1 views

UBUNTU-CVE-2024-45797

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....

CVSS 7.5 | AI score 5.8 | EPSS 0.00705
Exploits: 1 | References: 5