Lucene search
K

100 matches found

OSV
OSV
added 2024/10/21 6:15 p.m.7 views

UBUNTU-CVE-2024-49945

In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...

5.5CVSS6.2AI score0.00228EPSS
Exploits0References21
OSV
OSV
added 2024/09/06 9:15 p.m.5 views

AZL-78988 CVE-2024-34155 affecting package golang 1.25.7-1

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

4.3CVSS7AI score0.00839EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.8 views

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.034EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/02/07 3:45 a.m.4 views

SUSE CVE-2024-24860

A race condition was found in the Linux kernel's bluetooth device driver in min,maxkeysizeset function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue...

5.5CVSS6.4AI score0.00805EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.8 views

PT-2024-21622

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the f2fs file system in the Linux kernel. During recovery, if FAULT BLOCK is on, it is possible that f2fs reserve new block will return -ENOSPC, which may trigger...

9.1CVSS6.6AI score0.01635EPSS
Exploits0References335
RedHat Linux
RedHat Linux
added 2024/01/10 11:36 a.m.5 views

golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...

7.5CVSS6.6AI score0.01544EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/10/20 2:54 p.m.4 views

golang: crypto/tls: large handshake records may cause panics

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...

7.5CVSS6.6AI score0.01111EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.6 views

PT-2023-28591 · Unknown +1 · Quinn-Proto +1

Name of the Vulnerable Software and Affected Versions: quinn-proto versions prior to 0.9.5 quinn-proto versions prior to 0.10.5 Description: Receiving unknown QUIC frames in a QUIC packet could result in a panic. The issue was reported by the QUIC Tester research group and was not found by the...

7.5CVSS7.2AI score0.0076EPSS
Exploits0References21
OSV
OSV
added 2023/06/19 6:15 p.m.3 views

DEBIAN-CVE-2023-3022

A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6rulelookup, sometimes holding rt6info and other times fib6info. This was not accounted for in other parts of the code where rt6info was expected unconditionally, potentially leading to a kerne...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/06/02 2:29 a.m.2 views

SUSE CVE-2023-3022

A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6rulelookup, sometimes holding rt6info and other times fib6info. This was not accounted for in other parts of the code where rt6info was expected unconditionally, potentially leading to a kerne...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/09 10:3 a.m.2 views

golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...

7.5CVSS6.6AI score0.0198EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.5 views

PT-2023-15729 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Smartphones affected versions not specified Description: The issue is related to data initialization problems in some smartphones. Successful exploitation of this problem may cause a system panic. Recommendations: At the moment, there is no...

7.5CVSS7.2AI score0.00474EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/15 7:58 p.m.6 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
OSV
OSV
added 2023/02/28 6:15 p.m.7 views

AZL-37508 CVE-2022-41724 affecting package golang for versions less than 1.21.6-1

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

7.5CVSS6.6AI score0.01111EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.4 views

PT-2023-35188 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.3 views

PT-2023-35369 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304 Description: The issue is related to the f2fs extent tree. If the extent tree is not created, it may cause a panic. The actual impact and attack plausibility have not yet been proven. Recommendations:...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/31 12:0 a.m.4 views

PT-2023-34763 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven. Recommendations...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/15 12:38 p.m.3 views

golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.034EPSS
Exploits1References5
OSV
OSV
added 2022/08/13 11:4 a.m.4 views

OESA-2022-1830 golang security update

The Go Programming Language Security Fixes: A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. References: https://go.dev/issue/53871...

7.5CVSS6.9AI score0.0198EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/05/10 2:2 p.m.3 views

golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)

A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...

7.5CVSS7.1AI score0.06934EPSS
Exploits1References5
Rows per page
Query Builder