90 matches found
PT-2022-33461 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2. Description: The issue is related to a potential panic in the dl_cpu_busy() function due to an empty cs->cpus_allowed. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
golang: compress/gzip: stack exhaustion in Reader.Read
A flaw was found in golang. Calling the Reader.Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion...
CVE-2022-30630
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This could allow an attacker to impact availability...
OPENSUSE-SU-2021:3834-1 Security update for go1.16
This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused a panic (bsc#1192377). - CVE-2021-41772: Fixed panic on Reader.Open (bsc#1192378)...
MGASA-2021-0475 Updated golang packages fix security vulnerability
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size...
Improper Input Validation in once_cell
If the initialization function panics during the first dereference of Lazy, subsequent dereferences will execute std::hint::unreachable_unchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...
SUSE-SU-2021:2787-1 Security update for go1.15
This update for go1.15 fixes the following issues: Update to go1.15.15: - go#47473 net/http: panic due to racy read of persistConn after handler panic (CVE-2021-36221, bsc#1189162) - go#47347 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports - go#47014 cmd/go: go mod vendor: open...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30442)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in streebog crate in versions of Mozilla Rust prior to 0.8.0, which stems from the Streebog hash function causing a panic. No details of the vulnerability are provided at this tim...
[SECURITY] [DLA 2453-1] restic security update
Debian LTS Advisory DLA-2453-1 https://www.debian.org/lts/security/ Brian May November 17, 2020 https://wiki.debian.org/LTS ...
CVE-2018-1066
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...