79 matches found
Astra Linux – Vulnerability in pcre2
There is an integer overflow vulnerability in pcre2test before version 10.41. Attackers can exploit this vulnerability to cause a denial of service or other unspecified impacts due to malicious inputs...
JLSEC-2026-59
Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input...
CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...
GO-2026-4902 nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval in github.com/0xJacky/Nginx-UI...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
Summary An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface...
nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval
An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive...
EUVD-2026-14371
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
GHSA-8G7P-JF3G-GXCP jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
CVE-2026-4598
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
CVE-2026-4598
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
CVE-2026-4598
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
CVE-2026-4598
CVE-2026-4598 affects the JavaScript crypto library jsrsasign. Versions before 11.1.1 are vulnerable to an infinite loop in bnModInverse (ext/jsbn2.js) when BigInteger.modInverse receives zero or negative inputs, allowing a process to hang. The issue is caused by input handling in modInverse, lea...
PT-2026-27054
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
Infinite loop
Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker ...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the crc32combinegen64 function. An attacker can cause excessive CPU consumption by providing negative argument that triggers a loop with no termination condition. Remediation Upgrade zlib to version 1.3.2 or higher...
CVE-2026-21869 llama.cpp has Out-of-bounds Write in llama-server
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...