10000 matches found
Important: Red Hat Security Advisory: podman security update
An update for podman is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
GHSA-X6GF-MPR2-68H6 Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
Duplicate Advisory: pgproto3: Negative field length panics in DataRow.Decode
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jqcq-xjh3-6g23. This link is maintained to preserve external references. Original Description A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow...
CVE-2026-4427
Rejected reason: Duplicate of CVE-2026-32286...
UBUNTU-CVE-2026-4427
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service DoS due to a slice bounds out of range panic...
CVE-2026-4427
...
RHEL 10 : podman (RHSA-2026:5167)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5167 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...
GHSA-HWQM-QVJ9-4JR2 gosaml2 CBC Padding Panic — Unauthenticated Process Crash
Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...
SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...
GHSA-3G9H-9HP4-654V SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass
Summary The SiYuan kernel WebSocket server accepts unauthenticated connections when a specific “auth keepalive” query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on attacker-controlled JSON. A remote attacker can send malformed messages tha...
free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...
GHSA-GC42-3JG7-RXR2 Gossipsub PRUNE.backoff Duration Overflow
Summary The Rust libp2p Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE control message with an extremely large backoff e.g. u64::MAX can lead to Duration/Instant overflow...
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...
GHSA-6G43-577R-WF4X Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...
Denial of service in github.com/jackc/pgproto3/v2
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic...
github.com/buger/jsonparser has a denial of service vulnerability
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...
GHSA-6G7G-W4F8-9C9X github.com/buger/jsonparser has a denial of service vulnerability
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...
Denial of service in github.com/shamaton/msgpack
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...
PT-2026-26176
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...