Lucene search
K

50 matches found

CNNVD
CNNVD
added 2025/08/12 12:0 a.m.3 views

Bouncy Castle 安全漏洞

Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages . A security vulnerability exists in Bouncy Castle versions 1.77 and earlier, which stems from an unrestricted resource allocation that could lead to...

6.3CVSS5.1AI score0.00505EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.5 views

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in OpenEXR version 3.3.2, which can be exploited by attackers to cause excessive memory allocation and performance degradation when processing malicious files...

5.5CVSS6.4AI score0.00259EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the amdgpu driver not validating the RAS header field, which could lead to an over-allocation of memory...

5.5CVSS6.9AI score0.00157EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 8.0.X prior to 10.1.8 and 10.2.X prior to 10.2.2, which stems from a vulnerability that allows for over-allocation...

7.5CVSS6.4AI score0.00457EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from a potential memory over-allocation problem in the input subsystem Input: MT...

5.5CVSS6.3AI score0.00237EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2024/08/26 6:43 p.m.10 views

CVE-2024-43806

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

6.5CVSS5.4AI score0.0048EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.4 views

rustix 安全漏洞

rustix is a secure Rust binding to a POSIX-style API open-sourced by the Bytecode Alliance. A security vulnerability exists in rustix that stems from memory over-allocation, which could lead to a rapid and unlimited memory explosion...

6.5CVSS6.3AI score0.0048EPSS
Exploits0References4
OSV
OSV
added 2024/02/12 3:15 a.m.7 views

AZL-35476 CVE-2023-52429 affecting package hyperv-daemons for versions less than 6.6.22.1-2

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

5.5CVSS6.5AI score0.00249EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/01/30 11:55 p.m.33 views

Memory over-allocation in evm crate

Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...

6.5CVSS6.7AI score0.0128EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2024/01/30 11:55 p.m.3 views

GHSA-4JWQ-572W-4388 Memory over-allocation in evm crate

Impact Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. Patches The flaw was corrected in comm...

6.5CVSS5.9AI score0.0128EPSS
Exploits0References3
OSV
OSV
added 2023/10/18 6:27 p.m.16 views

GHSA-C827-HFW6-QWVM rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion

Summary When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...

6.5CVSS6.4AI score0.0048EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/10/18 6:27 p.m.28 views

rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion

Summary When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and unbounded memory explosion gigabytes in a few seconds i...

6.5CVSS6.7AI score0.0048EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2023/10/13 11:6 a.m.4 views

OESA-2023-1717 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

5.8CVSS6.7AI score0.00608EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 4:15 p.m.8 views

AZL-79066 CVE-2023-24534 affecting package golang 1.25.7-1

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...

7.5CVSS6.6AI score0.01888EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/11 12:0 a.m.7 views

SAMSUNG mTower 安全漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower version 0.3.0 and prior versions, which stems from a TEEMalloc that allows a trusted application to over-allocate memory by using large len values...

7.5CVSS7.3AI score0.00879EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/01/27 2:8 p.m.5 views

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS7.4AI score0.03486EPSS
Exploits0References4
OSV
OSV
added 2021/08/27 7:15 p.m.5 views

ALPINE-CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...

4.9CVSS6.9AI score0.0187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/27 7:15 p.m.2 views

CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...

6.8CVSS5.4AI score0.0187EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2021/08/27 7:15 p.m.2 views

UBUNTU-CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...

4.9CVSS5.8AI score0.0187EPSS
Exploits0References3
OSV
OSV
added 2021/08/25 8:55 p.m.7 views

GHSA-773Q-5334-5GF9 Memory over-allocation in evm-core

Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85...

7AI score
Exploits0References3
Rows per page
Query Builder