50 matches found
Bouncy Castle 安全漏洞
Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages . A security vulnerability exists in Bouncy Castle versions 1.77 and earlier, which stems from an unrestricted resource allocation that could lead to...
OpenEXR 安全漏洞
OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in OpenEXR version 3.3.2, which can be exploited by attackers to cause excessive memory allocation and performance degradation when processing malicious files...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the amdgpu driver not validating the RAS header field, which could lead to an over-allocation of memory...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 8.0.X prior to 10.1.8 and 10.2.X prior to 10.2.2, which stems from a vulnerability that allows for over-allocation...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a potential memory over-allocation problem in the input subsystem Input: MT...
CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...
rustix 安全漏洞
rustix is a secure Rust binding to a POSIX-style API open-sourced by the Bytecode Alliance. A security vulnerability exists in rustix that stems from memory over-allocation, which could lead to a rapid and unlimited memory explosion...
AZL-35476 CVE-2023-52429 affecting package hyperv-daemons for versions less than 6.6.22.1-2
dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...
Memory over-allocation in evm crate
Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...
GHSA-4JWQ-572W-4388 Memory over-allocation in evm crate
Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...
GHSA-C827-HFW6-QWVM rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...
OESA-2023-1717 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...
AZL-79066 CVE-2023-24534 affecting package golang 1.25.7-1
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...
SAMSUNG mTower 安全漏洞
SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower version 0.3.0 and prior versions, which stems from a TEEMalloc that allows a trusted application to over-allocate memory by using large len values...
OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...
ALPINE-CVE-2021-28700
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...
CVE-2021-28700
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...
UBUNTU-CVE-2021-28700
xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...
GHSA-773Q-5334-5GF9 Memory over-allocation in evm-core
Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85...