Lucene search
K

172 matches found

RustSec
RustSec
added 2023/09/19 12:0 p.m.4 views

phonenumber: panic on parsing crafted RF3966 phonenumber inputs

Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...

8.6CVSS7.2AI score0.00694EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/09/05 4:15 a.m.3 views

DEBIAN-CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

5.5CVSS5.7AI score0.00354EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/05 12:0 a.m.3 views

ZPLGFA Input Validation Error Vulnerability

ZPLGFA is a Go package from Simon Waldherr's personal developer. It is used to convert PNG, JPEG and GIF encoded graphic files into ZPL compatible ^GF elements graphic fields. A security vulnerability exists in ZPLGFA version 1.1.1, which stems from allowing an attacker to cause a panic with a...

5.5CVSS6.8AI score0.00242EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/08 8:26 p.m.15 views

CVE-2023-24535 Panic when parsing invalid messages in google.golang.org/protobuf

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...

7.5AI score0.01089EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/26 10:52 p.m.6 views

CVE-2023-33199 malformed proposed intoto v0.0.2 entries can cause a panic in Rekor

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the intoto/v0.0.2 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error...

5.3CVSS5.2AI score0.0067EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3687

The sctpassoclookupasconfack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service panic via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter...

7.5CVSS6.5AI score0.08579EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.4 views

SUSE CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

6.5CVSS8.7AI score0.04693EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.7 views

SUSE CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

3.3CVSS6.4AI score0.00652EPSS
Exploits1References22
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.4 views

PT-2023-19092 · Unknown · Go-Unixfsnode

Name of the Vulnerable Software and Affected Versions: go-unixfsnode versions prior to 1.5.2 Description: The issue is caused by a bogus fanout parameter in the HAMT directory nodes, which can lead to panics and virtual memory leaks when trying to read malformed HAMT sharded directories. If...

7.5CVSS7.2AI score0.00908EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2023/01/24 12:51 p.m.7 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
Prion
Prion
added 2022/11/10 8:15 p.m.10 views

Denial of service

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks...

5CVSS7.6AI score0.01036EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/08 9:46 a.m.3 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
OSV
OSV
added 2022/09/06 6:15 p.m.6 views

AZL-43348 CVE-2021-43565 affecting package libcontainers-common for versions less than 20210626-5

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...

7.5CVSS6.8AI score0.00948EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/08/31 4:58 p.m.3 views

golang: crypto/elliptic: panic caused by oversized scalar

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...

7.5CVSS7.2AI score0.03965EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/24 1:43 p.m.3 views

golang: crypto/elliptic: panic caused by oversized scalar

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...

7.5CVSS7.2AI score0.03965EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/10 11:39 a.m.3 views

golang: crypto/elliptic: panic caused by oversized scalar

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...

7.5CVSS7.2AI score0.03965EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/10 11:39 a.m.3 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/08/02 9:56 a.m.4 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/08/01 4:7 p.m.4 views

golang: crypto/elliptic: panic caused by oversized scalar

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256.ScalarMult or P256.ScalarBaseMult to panic, leading to a loss of availability...

7.5CVSS7.2AI score0.03965EPSS
Exploits0References5
Snyk
Snyk
added 2022/07/15 11:4 p.m.6 views

Uncontrolled Recursion

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: A malicious HTTP server or client can cause the net/http client or server to panic.ReadRequest and ReadResponse can hit an...

8.2CVSS6.8AI score0.03692EPSS
Exploits0References3
Rows per page
Query Builder