169 matches found
UBUNTU-CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 232 packets sent or received...
CVE-2022-49584 ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriovnumvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to handle kernel paging...
PT-2025-42741
Name of the Vulnerable Software and Affected Versions Go versions prior to 1.24.9-alt1 Gobuster version 3.8.2 complyctl affected versions not specified containernetworking-plugins version 1.9.0 OpenTofu affected versions not specified Description The Go programming language contains a flaw in the...
go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...
go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
In Go before 1.15.13 and 1.16.x before 1.16.5 there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
...
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5 a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
...
CVE-2024-36928
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
CVE-2021-47007
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fsresizefs f2fsresizefs hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
Security Bulletin: IBM Storage Ceph is vulnerable to a panic in Golang (CVE-2022-28327)
Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-28327 Vulnerability Details CVEID: CVE-2022-28327 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validaiton by the generic P-256 feature in crypto/elliptic. B...
GHSA-5873-6FWQ-463F stellar-strkey vulnerable to panic in SignedPayload::from_payload
Impact Panic vulnerability when a specially crafted payload is used. This is because of the following calculation: rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 If innerpayloadlen is 0xffffffff, 4 - innerpayloadlen % 4 % 4 = 1 so rust innerpayloadlen + 4 - innerpayloadlen % 4 % 4 = u32::MAX ...
CVE-2023-46135
The CVE-2023-46135 issue affects rs-stellar-strkey, a Rust library for Stellar Strkey encoding/decoding. A panic vulnerability occurs during processing of crafted payloads where inner_payload_len should not exceed 64; this condition is the root cause described in various advisories. The vulnerabi...
rs-stellar-strkey Security Vulnerabilities
rs-stellar-strkey is a library of stellar open source. A security vulnerability exists in rs-stellar-strkey versions prior to 0.0.8, which stems from a panic vulnerability when using a specially crafted payload...
Apollo Router Code Issue Vulnerability
Apollo Router is a configurable, high-performance graphical router written in Rust. A code issue vulnerability exists in Apollo Router. An attacker could use this vulnerability to cause the router to panic and terminate when sending a multi-part response...
UBUNTU-CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
DEBIAN-CVE-2023-36308
disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...
ZPLGFA Input Validation Error Vulnerability
ZPLGFA is a Go package from Simon Waldherr's personal developer. It is used to convert PNG, JPEG and GIF encoded graphic files into ZPL compatible ^GF elements graphic fields. A security vulnerability exists in ZPLGFA version 1.1.1, which stems from allowing an attacker to cause a panic with a...