
13 matches found

NVD
added 2026/04/22 5:16 p.m. | 3 views

CVE-2026-35375

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes `to_string_lossy` when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVSS 3.3 | EPSS 0.00015
Exploits: 1 | References: 2
Cvelist
added 2026/04/22 4:9 p.m. | 24 views

CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes `to_string_lossy` when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

CVSS 3.3 | EPSS 0.00015
Exploits: 1 | References: 2
Amazon
added 2026/04/14 12:0 a.m. | 6 views

Medium: rust

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being held in memory and to system availabilit...

CVSS 8.1 | AI score 5.9 | EPSS 0.00019
Exploits: 4
OSV
added 2026/01/26 9:30 p.m. | 2 views

GHSA-8RGQ-M2PM-JVMG Duplicate Advisory: gix-date can create non-utf8 string with `TimeBuf::as_str`

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6mw6-mj76-grwc. This link is maintained to preserve external references. Original Description: A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid...

CVSS 7 | AI score 5.7 | EPSS 0.00007
Exploits: 1 | References: 7
CVE
added 2026/01/26 7:36 p.m. | 18 views

CVE-2026-0810

CVE-2026-0810 affects the gix-date component. The TimeBuf::as_str parse path can produce strings containing invalid non-UTF8 characters, violating internal safety invariants of TimeBuf and causing undefined behavior when such strings are later processed. Public disclosures in NVD, Red Hat advisor...

CVSS 7.1 | AI score 5.8 | EPSS 0.00007
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2024/07/25 4:38 p.m. | 4 views

GHSA-CX7H-H87R-JPGR The kstring integration in gix-attributes is unsound

gix-attributes in `state::ValueRef` unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB: `// SAFETY: our API makes accessing that value as str impossible, so illformed`...

AI score 7
Exploits: 0 | References: 5
Github Security Blog
added 2024/07/25 4:38 p.m. | 11 views

The kstring integration in gix-attributes is unsound

gix-attributes in `state::ValueRef` unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB: `// SAFETY: our API makes accessing that value as str impossible, so illformed`...

AI score 7
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/07/24 12:0 p.m. | 5 views

RUSTSEC-2024-0359 The kstring integration in gix-attributes is unsound

gix-attributes in `state::ValueRef` unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB: `// SAFETY: our API makes accessing that value as str impossible, so illformed`...

AI score 7
Exploits: 0 | References: 3
Vulnrichment
added 2023/04/04 5:57 p.m. | 7 views

CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for loggin...

CVSS 5.4 | AI score 9.6 | EPSS 0.00029
Exploits: 1 | References: 1
Cvelist
added 2023/04/04 5:57 p.m. | 18 views

CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for loggin...

CVSS 5.4 | AI score 9.8 | EPSS 0.00029
Exploits: 1 | References: 1
Code423n4
added 2021/09/07 12:0 a.m. | 9 views

Freeze Bridge via Non-UTF8 Token Name/Symbol/Denom

Handle: nascent. Vulnerability details: Manual insertion of non-utf8 characters in a token name will break parsing of logs and will always result in the oracle getting in a loop of failing and early returning an error. The fix is non-trivial and likely requires significant redesign. Proof of Concept...

AI score 6.8
Exploits: 0
Veracode
added 2019/07/18 2:30 a.m. | 16 views

Denial Of Service (DoS)

flask is vulnerable to denial of service. An attacker is able to crash the application from an unexpected memory usage by submitting malicious JSON data containing non-UTF8 characters...

CVSS 7.5 | AI score 4.4 | EPSS 0.00469
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2007/02/18 12:0 a.m. | 12 views

MDKA-2006:015 : gthumb

A bug was discovered in gthumb where the UI (User Interface) can get corrupted when importing photos in some non-UTF8 locales such as French. Some text strings returned from libgphoto were not converted into UTF-8 before being used by GTK+. Updated packages have been patched to correct the issue...

AI score 0.3
Exploits: 0 | References: 1