21 matches found
EUVD-2026-24136
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
CVE-2026-3298
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
PSF-2026-20
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
CVE-2026-3298
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
PSF-0000-CVE-2026-3298
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
CVE-2026-3298
CVE-2026-3298 describes an out-of-bounds write in Windows-only asyncio.ProacterEventLoop.sock_recvfrom_into() when using the nbytes parameter. The root cause is a missing boundary check for the destination data buffer, enabling a write past the buffer size if incoming data exceeds it. Non-Windows...
CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes
The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...
CVE-2026-33298
A flaw was found in llama.cpp. A remote attacker could exploit an integer overflow vulnerability in the ggmlnbytes function by crafting a malicious GGUF GGML Universal Format file with specific tensor dimensions. This flaw causes the ggmlnbytes function to return an incorrect size, leading to a...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the ggmlnbytes function. An attacker can achieve memory corruption and potentially execute arbitrary code by supplying a specially crafted GGUF file with manipulated tensor dimensions that trigger an intege...
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
UBUNTU-CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
EUVD-2026-14668
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298 llama.cpp has a Heap Buffer Overflow via Integer Overflow in GGUF Tensor Parsing
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
CVE-2026-33298
llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the ggmlnbytes function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes ggmlnbytes to return a significantly smaller...
PT-2026-27272
Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to b7824 Description The software is susceptible to an integer overflow in the ggml nbytes function. This allows an attacker to bypass memory validation by creating a specially crafted GGUF file with specific tensor...
CVE-2022-28202
A flaw was found in MediaWiki. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...
CVE-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...
DEBIAN-CVE-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...
UBUNTU-CVE-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...