100 matches found
UBUNTU-CVE-2024-49945
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...
AZL-78988 CVE-2024-34155 affecting package golang 1.25.7-1
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
SUSE CVE-2024-24860
A race condition was found in the Linux kernel's bluetooth device driver in min,maxkeysizeset function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue...
PT-2024-21622
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the f2fs file system in the Linux kernel. During recovery, if FAULT BLOCK is on, it is possible that f2fs reserve new block will return -ENOSPC, which may trigger...
golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
golang: crypto/tls: large handshake records may cause panics
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition...
PT-2023-28591 · Unknown +1 · Quinn-Proto +1
Name of the Vulnerable Software and Affected Versions: quinn-proto versions prior to 0.9.5 quinn-proto versions prior to 0.10.5 Description: Receiving unknown QUIC frames in a QUIC packet could result in a panic. The issue was reported by the QUIC Tester research group and was not found by the...
DEBIAN-CVE-2023-3022
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6rulelookup, sometimes holding rt6info and other times fib6info. This was not accounted for in other parts of the code where rt6info was expected unconditionally, potentially leading to a kerne...
SUSE CVE-2023-3022
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6rulelookup, sometimes holding rt6info and other times fib6info. This was not accounted for in other parts of the code where rt6info was expected unconditionally, potentially leading to a kerne...
golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability...
PT-2023-15729 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Smartphones affected versions not specified Description: The issue is related to data initialization problems in some smartphones. Successful exploitation of this problem may cause a system panic. Recommendations: At the moment, there is no...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
AZL-37508 CVE-2022-41724 affecting package golang for versions less than 1.21.6-1
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...
PT-2023-35188 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.90 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven...
PT-2023-35369 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.304 Description: The issue is related to the f2fs extent tree. If the extent tree is not created, it may cause a panic. The actual impact and attack plausibility have not yet been proven. Recommendations:...
PT-2023-34763 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.8 Description: The issue is related to the f2fs component, where a panic can be avoided if the extent tree is not created. The actual impact and attack plausibility have not yet been proven. Recommendations...
golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability...
OESA-2022-1830 golang security update
The Go Programming Language Security Fixes: A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. References: https://go.dev/issue/53871...
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files. An attacker capable of submitting a crafted ZIP file to a Go application using archive/zip to process that file could...