20 matches found
Npgsql 安全漏洞
Npgsql is Npgsql Open Source an open source .NET data provider program for PostgreSQL. A security vulnerability exists in Npgsql, which stems from the ability of a low-privileged user to create specially crafted functions that may result in elevated privileges...
EUVD-2024-1856
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-32655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the...
CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)
Summary A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Ngpsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
UBUNTU-CVE-2024-32655
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
Npgsql 安全漏洞
Npgsql is Npgsql open source an open source .NET data provider program for PostgreSQL. A security vulnerability exists in Npgsql that stems from an overflow issue that can be exploited by an attacker to execute arbitrary SQL statements...
SQL Injection
Npgsql is vulnerable to SQL injection. The vulnerability is caused by an integer overflow in the WriteBind method within NpgsqlConnector.FrontendMessages.cs, which leads to miscalculated message lengths when constructing PostgreSQL protocol messages. This allows attackers to manipulate message...
GHSA-X9VC-6HFV-HG8C Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Summary The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is...
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Summary The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This causes Npgsql to write a message size that is...
SQL Injection
Overview Npgsql is a .NET data provider for PostgreSQL. Affected versions of this package are vulnerable to SQL Injection by overflowing the sum of the integer and parameter lengths in NpgsqlConnector.FrontendMessages.cs, allowing arbitrary SQL to be injected into a PostgreSQL protocol message if...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-32655
Removed by vendor...
CVE-2024-32655
Summary of CVE-2024-32655 (Npgsql) : The vulnerability arises in the WriteBind() implementation of Npgsql, where int variables used to track the Postgres protocol message length and the sum of parameter lengths overflow when the total exceeds integer capacity. This causes the constructed message ...
PT-2024-3776 · Npgsql · Npgsql
Name of the Vulnerable Software and Affected Versions: Npgsql versions prior to 4.0.14 Npgsql versions prior to 4.1.13 Npgsql versions prior to 5.0.18 Npgsql versions prior to 6.0.11 Npgsql versions prior to 7.0.7 Npgsql versions prior to 8.0.3 Description: The WriteBind method in...
Information Disclosure
Npgsql is vulnerable to information disclosure. The database password is written to stdout upon authenticating to the database...