172 matches found
phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
DEBIAN-CVE-2023-36308
disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...
ZPLGFA Input Validation Error Vulnerability
ZPLGFA is a Go package from Simon Waldherr's personal developer. It is used to convert PNG, JPEG and GIF encoded graphic files into ZPL compatible ^GF elements graphic fields. A security vulnerability exists in ZPLGFA version 1.1.1, which stems from allowing an attacker to cause a panic with a...
CVE-2023-24535 Panic when parsing invalid messages in google.golang.org/protobuf
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...
CVE-2023-33199 malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...
SUSE CVE-2014-3687
The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...
SUSE CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...
SUSE CVE-2020-12769
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...
PT-2023-19092 · Unknown · Go-Unixfsnode
Name of the Vulnerable Software and Affected Versions: go-unixfsnode versions prior to 1.5.2 Description: The issue is caused by a bogus fanout parameter in the HAMT directory nodes, which can lead to panics and virtual memory leaks when trying to read malformed HAMT sharded directories. If...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
Denial of service
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
AZL-43348 CVE-2021-43565 affecting package libcontainers-common for versions less than 20210626-5
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
golang: crypto/elliptic: panic caused by oversized scalar
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
golang: crypto/elliptic: panic caused by oversized scalar
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
golang: crypto/elliptic: panic caused by oversized scalar
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
golang: encoding/gob: stack exhaustion in Decoder.Decode
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
golang: path/filepath: stack exhaustion in Glob
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...
golang: crypto/elliptic: panic caused by oversized scalar
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...
Uncontrolled Recursion
Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: A malicious HTTP server or client can cause the net/http client or server to panic.ReadRequest and ReadResponse can hit an...