213 matches found
CVE-2024-28231 Manipulated DATA Submessage causes a heap-buffer-overflow error
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminate...
PT-2024-40053 · Eth Abi · Eth Abi
Name of the Vulnerable Software and Affected Versions: eth-abi affected versions not specified Description: The issue is related to a recursive pointer problem. It can cause an OverflowError when decoding a specially crafted payload using the decode function from the eth abi module. The error...
AZL-34885 CVE-2024-24861 affecting package kernel for versions less than 6.6.35.1-4
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000getfrequency function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue...
Stack Overflow
libsquashfs.so is vulnerable to Stack Overflow Error. The vulnerability is caused by an integer overflow in function readfragmenttable4 in a file unsquash-4.c while reading a return value from SQUASHFSFRAGMENTBYTES which can be larger than maximum value of a signed int. This can lead to applicati...
SUSE: Security Advisory (SUSE-SU-2023:4225-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-34454
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
CVE-2023-34453
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
Denial Of Service (DOS)
The org.kopitubruk.util.JSONUtil library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON to a maximum length causing Stack Overflow Error when the JSON is parsed leading to Denial Of Service DOS attack...
Denial Of Service (DOS)
The net.sf.sojo.sojo library is vulnerable to Denial Of Service Attack DOS . The vulnerability is due to not restricting user supplied JSON and CSV to a maximum length causing Stack Overflow Error/Out Of Memory -Heap Error when the input is parsed leading to Denial Of Service DOS attack...
Amazon Linux 2 : xstream (ALAS-2023-2007)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2007 advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the...
SUSE CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
[SECURITY] [DLA 3267-1] libxstream-java security update
Debian LTS Advisory DLA-3267-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany January 11, 2023 https://wiki.debian.org/LTS Package : libxstream-java Version : 1.4.11.1-1+deb10u4 CVE ID : CVE-2022-41966 Debian Bug : 1027754 XStream serializes Java objects to XML a...
XStream can cause Denial of Service via stack overflow
Impact The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...
Apple iOS 输入验证错误漏洞
Apple iOS is an operating system developed by Apple Inc. for mobile devices. A security vulnerability exists in iOS prior to 15.6, iPadOS prior to 15.6, and macOS Monterey prior to 12.5, which stems from an integer overflow issue in input validation, and may allow an application to execute...
GO-2022-1167 Denial of service in string value parsing in helm.sh/helm/v3
Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes an error that cannot be recovered from. The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has comman...
UBUNTU-CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
PT-2022-36789 · Git +1 · Harfbuzz
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the next function in OT::hb ot apply context...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the FTS3 extension, due to 32-bit signed integer overflow. In order to exploit this vulnerability, the attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3...
PT-2022-36669 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the functions ndpi search irc tcp, check ndpi...
Adobe Photoshop Multiple Vulnerabilities (APSB21-109) - Windows
Adobe Photoshop is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...