Fiber 输入验证错误漏洞

Fiber is an open source web framework written in Go language by Fiber Open Source. An input validation error vulnerability exists in Fiber versions prior to 2.52.6 through 2.52.7, which stems from a crash in fiber.Ctx.BodyParser when processing negative indexes, which could result in a denial of...

PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

PT-2024-20454 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to the fixed version Description: The issue arises from the typechecker allowing the usage of signed integers as indexes to arrays, which are defined for unsigned integers only. This can lead to unpredictable behavior,...

Internet Bug Bounty: Interger overflow in eval trigger write out of bound

Hi security team, i reported some samples triggered crash in eval funtion in perl. The bug come because variable start and items used type I32 which takes half the range of linet and folds it into negative numbers, leading to trying to store the lines at negative indexes...

Multiple bugs in MDaemon

IMAP4 buffer overflow, negative array indexes problem in POP3...