Misaligned pointer dereference in `ChunkId::new`

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function...

SUSE CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

UBUNTU-CVE-2023-26268

Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: validatedocupdate list filter filter views using view functions as filters rewrite update This doesn't affect map/reduce or searc...

PT-2023-20577 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.2.3 Apache CouchDB versions prior to 3.3.2 Description: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design...

couchdb -- information sharing via couchjs processes

Nick Vatamane reports: Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using various design document functions...

CVE-2023-23931

A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...

GHSA-CF4G-FCF8-3CR9 `pnet_packet` buffer overrun in `set_payload` setters

As indicated by this issue, a buffer overrun is possible in the setpayload setter of the various mutable "Packet" struct setters. The offending setpayload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...

CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior

In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is undefined...

Protobuf Java vulnerable to Uncontrolled Resource Consumption

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

DEBIAN-CVE-2022-3510

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

UBUNTU-CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

ASB-A-154913391

In startInputUncheckedLocked of InputMethodManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

A malicious coder can get unsound access to TCell or TLCell memory

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or ...

GHSA-P6GJ-GPC8-F8XW Aliased mutable references from `tls_rand` & `TlsWyRand`

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...

Aliased mutable references from `tls_rand` & `TlsWyRand`

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...

Tahoe-LAFS fails to ensure integrity

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval...

GHSA-V62P-CJV8-35XH Tahoe-LAFS fails to ensure integrity

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval...

Out of bounds read and write in Tensorflow

Impact There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write: cc for int i = 0; i argssize; j++ auto arg = t-mutableargsi; // ... Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg...