Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by Dhowden's personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...

PT-2020-17118 · Dhowden · Dhowden Tag

Name of the Vulnerable Software and Affected Versions: dhowden tag versions before 0.0.0-20201120070457-d52dcb253c63 dhowden tag versions before 2020-11-19 Description: The issue is due to improper bounds checking in a number of methods, which can trigger a panic via readPICFrame, readAPICFrame, ...

Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by the Dhowden personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: index out of range" to be passed through readPICFrame...

PT-2020-17121 · Dhowden · Dhowden

Name of the Vulnerable Software and Affected Versions: dhowden tag versions prior to 0.0.0-20201120070457-d52dcb253c63 Description: The issue is due to improper bounds checking in several methods, which can trigger a panic via readAtomData or readAPICFrame due to attempted out-of-bounds reads. If...

Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library from the Dhowden personal developers. A security vulnerability exists in versions of dhowden tag prior to 2020-11-19, which allows parsing of MP3/MP4/OGG/FLAC metadata via readAtomData "panic: runtime error: slice bounds out of...

PT-2020-7004 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's media subsystem, specifically the Aspeed video driver. It introduces improper reset on the Video Engine hardware, causing unexpected DMA memo...

DEBIAN-CVE-2020-35381

jsonparser 1.0.0 allows attackers to cause a denial of service panic: runtime error: slice bounds out of range via a GET call...

CVE-2020-35381

jsonparser 1.0.0 allows attackers to cause a denial of service panic: runtime error: slice bounds out of range via a GET call...

golang: math/big: panic during recursive division of very large numbers

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

VulnCheck KEV: CVE-2021-25370

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...

SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)

The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bug fixes. The following security bugs were fixed : CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1)

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security...

SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3230-1)

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-25212: Fixed getxattr kernel panic and memory overflow bsc1176381. CVE-2020-25643: Added range checks in pppcpparsecr bsc1177206. CVE-2020-25641:...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1)

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3412-1)

This update for xen fixes the following issues : Security issue fixed : CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed : Updated to Xen 4.13.2 bug fix release bsc1027519. Fixed a panic during MSI cleanup on AMD...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-26088: Fixed an improper CAPNETRAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security...

RUSTSEC-2020-0082 ordered_float:NotNan may contain NaN after panic in assignment operators

After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...

golang: math/big: panic during recursive division of very large numbers

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...

FreeBSD : FreeBSD -- ICMPv6 use-after-free in error message handling (8eed0c5c-3482-11eb-b87a-901b0ef719ab)

When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may extract information from the message to hand to upper-layer protocols. As a part of this operation, it may parse IPv6 header options from a packet embedded in the ICMPv6 message. The handler for a routing option caches a point...