264 matches found
kernel: netfilter: potential slab-out-of-bound access due to integer underflow
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios
Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...
Decimals of LendingPool don't take into account the offset introduced by VIRTUAL_SHARES
Lines of code Vulnerability details Impact The impact of this finding is more on the marketing/data fetching side, on exchanges it would appear that the shares are worth less VIRTUALSHARES than the underlying token. Given that it would influence the perception of the value of the shares token,...
PYSEC-2023-307
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...
Upgraded Q -> 2 from #677 [1702060237936]
Judge has assessed an item in Issue 677 as 2 risk. The relevant finding follows: L-04 Deposited amounts in the EigenLayer strategy should be checked before updating the strategy for the asset Users deposit in this protocol and the protocol deposits these funds to EigenLayer strategy contracts...
Ruby: DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
Vulnerability description not provided...
kernel: netfilter: potential slab-out-of-bound access due to integer underflow
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
CVE-2023-6239
Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object...
kernel: netfilter: potential slab-out-of-bound access due to integer underflow
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.
Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...
Malicious first depositor can steal all funds from all future depositors
Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...
OESA-2023-1730 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily...
Denial Of Service (DoS) Through Infinite Loop
libX11.so is vulnerable to Denial of Service DoS. The vulnerability is due to incorrect calculation of SubImageWidth in the PutSubImage function when communicating with an X server which creates oversized requests. This miscalculation triggers an infinite loop, potentially leading to a Denial of...
CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
DEBIAN-CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local...
Total stake will be incorrectly reduced if the transcoder was already deactivated.
Lines of code Vulnerability details Impact This will result in the total active stake being incorrectly calculated in future rounds. Some transcoders may get more or less rewards than they should. Proof of Concept The key functions involved are: slashTranscoder - Called to slash a transcoder...
SUSE CVE-2023-40574
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the writePixelBGRX function. This issue is likely down to incorrect calculations of the nHeight and srcStep variables. This issue has...
CVE-2023-20798
In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076...
IF THE UNDERLYING ASSET IS A FEE ON TRANSFER TOKEN IT COULD BREAK THE INTERNAL ACCOUNTING OF THE VAULT
Lines of code Vulnerability details Impact The Vault.deposit function is used by the users to deposit assets to the vault and mint vault shares to the recipient address. The amount of assets are transferred to the Vault as follows: SafeERC20.safeTransferFrom asset, caller, addressthis,...
The initial total supply of the role can be miscalculated in some cases
Lines of code Vulnerability details Impact Due to miscalculations during LlamaPolicy contract deployment the initial supply of the role can be set wrongly. And most of strategies will not work as intended. Moreover users will not be able to start an Action for some strategies as well. Proof of...