
324 matches found

OSV
added 2024/06/25 7:15 p.m. · 3 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.4 · AI score 6.1 · EPSS 0.00377
Exploits: 0 · References: 2

Cvelist
added 2024/06/25 12:00 a.m. · 15 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

EPSS 0.00377
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/25 12:00 a.m. · 5 views

PT-2024-27766 · Pingcap · Tidb

Name of the Vulnerable Software and Affected Versions: PingCAP TiDB versions prior to 8.2.0
Description: A nil pointer dereference in PingCAP TiDB allows attackers to crash the application via expression.inferCollation.
Recommendations: For versions prior to 8.2.0, update to version 8.2.0 or late...

CVSS 8.1 · AI score 5.8 · EPSS 0.03001
Exploits: 3 · References: 33

Vulnrichment
added 2024/06/25 12:00 a.m. · 14 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

AI score 7.1 · EPSS 0.00377
Exploits: 0 · References: 2

OSV
added 2024/05/20 10:15 a.m. · 6 views

UBUNTU-CVE-2024-35984

In the Linux kernel, the following vulnerability has been resolved:
i2c: smbus: fix NULL function pointer dereference
Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

CVSS 5.5 · AI score 6.1 · EPSS 0.00257
Exploits: 0 · References: 32

Tenable Nessus
added 2024/05/11 12:00 a.m. · 37 views

RHEL 7 : golang (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- golang: arbitrary command execution via VCS path (CVE-2018-7187)
- golang: Command-line arguments may...

AI score 10 · EPSS 0.63699
Exploits: 13 · References: 37

OSV
added 2024/01/23 6:01 p.m. · 16 views

GO-2024-2454 Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2

Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2...

CVSS 7.5 · AI score 7.4 · EPSS 0.00864
Exploits: 1 · References: 3

NVD
added 2024/01/09 8:15 p.m. · 28 views

CVE-2024-21664

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 7.5 · AI score 5.7 · EPSS 0.00864
Exploits: 1 · References: 4

CVE
added 2024/01/09 7:18 p.m. · 375 views

CVE-2024-21664

Technical details about CVE-2024-21664 are not publicly available in the provided connected documents. Monitor for updates; remediation in the initial description indicates patches in versions 2.0.19 and 1.2.28.

CVSS 7.5 · AI score 7.2 · EPSS 0.00864
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2024/01/09 7:18 p.m. · 46 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 4.3 · AI score 7.5 · EPSS 0.00864
Exploits: 1 · References: 4

OSV
added 2024/01/09 7:18 p.m. · 26 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

CVSS 4.3 · AI score 6.5 · EPSS 0.00864
Exploits: 1 · References: 6

OSV
added 2024/01/09 4:18 p.m. · 17 views

GHSA-PVCR-V8J8-J5Q3 Parsing JSON serialized payload without protected field can lead to segfault

Summary: Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference.
Details: This seems to also affect other functions that call Parse internally, like jws.Verify. My understanding of these functions from t...

CVSS 4.3 · AI score 7.4 · EPSS 0.00864
Exploits: 1 · References: 6

GitHub Security Blog
added 2024/01/09 4:18 p.m. · 43 views

Parsing JSON serialized payload without protected field can lead to segfault

Summary: Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference.
Details: This seems to also affect other functions that call Parse internally, like jws.Verify. My understanding of these functions from t...

CVSS 7.5 · AI score 7 · EPSS 0.00864
Exploits: 1 · References: 6 · Affected Software: 2

Positive Technologies
added 2024/01/09 12:00 a.m. · 4 views

PT-2024-19006 · Jwx · Jwx

Name of the Vulnerable Software and Affected Versions: jwx versions prior to 1.2.28; jwx versions prior to 2.0.19
Description: The issue arises when calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent, leading to a nil pointer dereference...

CVSS 7.5 · AI score 6.5 · EPSS 0.00864
Exploits: 1 · References: 11

NVD
added 2023/10/31 4:15 p.m. · 30 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 7.4 · EPSS 0.00765
Exploits: 0 · References: 3

UbuntuCve
added 2023/10/31 4:15 p.m. · 14 views

CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 7.1 · EPSS 0.00765
Exploits: 0 · References: 3

OSV
added 2023/10/31 4:15 p.m. · 2 views

UBUNTU-CVE-2023-46239

quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node...

CVSS 7.5 · AI score 5.8 · EPSS 0.00765
Exploits: 0 · References: 4

CVE
added 2023/10/31 3:02 p.m. · 94 views

CVE-2023-46239

Summary: CVE-2023-46239 affects quic-go (Go implementation of QUIC). From 0.37.0 up to, but not including, 0.37.3, an attacker could trigger a nil pointer dereference by serializing an ACK frame after cryptographic processing that completes the handshake, causing the node to panic when dropping t...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/10/30 3:08 p.m. · 26 views

GHSA-3Q6M-V84F-6P9H quic-go vulnerable to pointer dereference that can lead to panic

quic-go is an implementation of the QUIC transport protocol in Go. By serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference leading to a panic when the node attempted to drop the Handshake packet number space...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765
Exploits: 0 · References: 5

Positive Technologies
added 2023/10/30 12:00 a.m. · 3 views

PT-2023-29922 · Quic-Go · Quic-Go

Name of the Vulnerable Software and Affected Versions: quic-go versions 0.37.0 through 0.37.2
Description: The issue arises from serializing an ACK frame after the CRYPTO frame, allowing a node to complete the handshake. This can trigger a nil pointer dereference when the node attempts to drop th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00765
Exploits: 0 · References: 13