OESA-2025-1116 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...

SUSE CVE-2024-3096

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

CVE-2024-24957

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

CVE-2024-24955

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

CVE-2024-24956

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

CVE-2024-24958

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

UBUNTU-CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions v0.17.3 through v0.18.3, which stems from an inability to filter CRLF characters with a null byte prefix, which can be exploited by an...

BIT-PYTHON-MIN-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

BIT-PHP-MIN-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...

CLSA-2025-1736284875 php: Fix of 3 CVEs

CVE-2024-2756: Fix issue introduced by incomplete fix of CVE-2022-31629 to prevent network and same-site attackers from setting insecure cookies in victim's browser - CVE-2024-3096: Fix issue where passwordverify incorrectly returns true when testing a blank string with password starting with a...

CLSA-2024-1735310755 php: Fix of 3 CVEs

CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Fix issue introduced by incomplete fix of CVE-2022-31629 to prevent network and same-site attackers from setting insecure cookies in victim's browser - CVE-2024-3096: Fix issue where passwordverify incorrectly returns true when...

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

php: password_verify can erroneously return true, opening ATO risk

A null byte interaction error vulnerability was found in PHP. If a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true. If a user can create a password with a leading null byte unlikely, but...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

CVE-2024-42383

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field...

CVE-2024-42383

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field...

CVE-2024-42383 Use of Out-of-range Pointer Offset in Mongoose Web Server library

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field...