CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...

SUSE CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

Vim text editor’s build_stl_str_hl() function vulnerability, allowing an attacker to execute arbitrary code

The vulnerability of the buildstlstrhl function in the Vim text editor is related to the execution of an operation beyond the buffer’s memory limits. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVE-2022-24375

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

node-opcua 资源管理错误漏洞

node-opcua is a French Sterfive SAS open source implementation of an OPC UA stack written entirely in Typescript for NodeJS. A resource management error vulnerability exists in versions of node-opcua prior to 2.74.0. An attacker can exploit this vulnerability to bypass excessive memory consumptio...

FreeOpcUa 安全漏洞

FreeOpcUa is an open source C++ OPC-UA server and client library. A security vulnerability exists in FreeOpcUa, which is susceptible to a denial of service DoS attack when sending multiple CloseSession requests with the DeleteSubscription parameter equal to False to bypass excessive memory...

PT-2022-16588 · Freeopcua · Freeopcua

Name of the Vulnerable Software and Affected Versions: freeopcua/freeopcua versions all Description: The issue allows for Denial of Service DoS by bypassing limitations for excessive memory consumption. This is achieved by sending multiple CloseSession requests with the deleteSubscription paramet...

PYSEC-2022-43180

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 previously known as avro-rs. Users should update to apache-avro version 0.14.0 which addresses...

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

USN-5546-1 openjdk-8, openjdk-lts, openjdk-17, openjdk-18 vulnerabilities

Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. CVE-2022-21449 It was discovered that OpenJDK incorrectly limited memo...

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

SUSE-SU-2021:3977-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACEgranttable handling XSA-384 bsc1189632. - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD...

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

OPENSUSE-SU-2021:2923-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release bsc1027519. Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed bsc1186428 - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling bsc1186429 - CVE-2021-008...

SUSE-SU-2021:2923-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release bsc1027519. Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed bsc1186428 - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling bsc1186429 - CVE-2021-008...

SUSE-SU-2021:2922-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release bsc1027519. Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed bsc1186428 - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling bsc1186429 - CVE-2021-008...

ALPINE-CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library, related to a lack of resource allocation mechanism, allows attackers to cause service failures.

The vulnerability of the xzhead function in the xzlib.c component of the Libxml2 library is related to the lack of memory constraints. Exploiting this vulnerability allows a remote attacker to cause a service failure through the use of a specially created LZMA file...