57 matches found
EUVD-2026-25022
ln: rejects non-UTF-8 source filenames in target-directory mode...
CVE-2026-49234
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...
CVE-2026-49234
Routinator is affected by CVE-2026-49234 where sending a specifically crafted non-UTF-8 string as the select-asn parameter to the /api/v1/origins endpoint causes the application to crash. Affected component: the API handling for origins; root cause: non-UTF-8 string processing leads to a crash. I...
PT-2026-47303
Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator crashes when a specifically crafted non-UTF-8 string is sent as the select-asn query parameter to the '/api/v1/origins' endpoint. This issue specifically impacts users who permi...
CVE-2026-42327
A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate. This certificate, containing non-UTF-8 characters in its OCSP Online Certificate Status...
Linux Distros Unpatched Vulnerability : CVE-2026-42327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from...
UBUNTU-CVE-2026-42327
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...
EUVD-2026-30474
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...
CVE-2026-42327
The CVE-2026-42327 vulnerability affects rust-openssl bindings for OpenSSL, where X509Ref::ocsp_responders returns OCSP responder URLs from the AIA extension. In versions 0.9.7 through before 0.10.79, the code constructs &str from IA5String bytes using an unchecked UTF-8 assumption, allowing non-...
CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...
CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...
GHSA-XP3W-R5P5-63RR rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...
CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
EUVD-2026-25026
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
GHSA-VX9M-XJWF-8CQM uutils coreutils has an Improper Handling of Unicode Encoding Issue
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
GHSA-XH5H-P8C5-4W4X Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jcjr-rh8q-7xqf. This link is maintained to preserve external references. Original Description A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8...
Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jcjr-rh8q-7xqf. This link is maintained to preserve external references. Original Description A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8...
uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths
The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...