203 matches found
PT-2024-13362 · Msoulier · Tftpy
Name of the Vulnerable Software and Affected Versions: msoulier tftpy (affected versions not specified). Description: A Buffer Overflow issue allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. This issue can be exploited by a remote attacker,...
CVE-2023-46566
msoulier tftpy is affected by a Buffer Overflow in the parse function of the TftpPacketFactory class. Root cause: inadequate input validation leads to remote denial of service. Impact: remote attacker over the network can cause a DoS; no patch/version details are provided in the supplied document...
domain-suffix RegEx Denial of Service
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...
CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...
PT-2024-40680 · Git +1 · Quickjs
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash state includes functions such as emit goto, emit class field init, and js parse function...
domain-suffix security vulnerability
domain-suffix is a Node.js package. A security vulnerability exists in domain-suffix version 1.0.8, which stems from a vulnerability that allows an attacker to crash an application using crafted input via the parse function...
CVE-2024-25354
CVE-2024-25354 affects domain-suffix 1.0.8 (Node.js) with a RegEx Denial of Service in the parse function that can crash the application when given crafted input. Root cause: excessive backtracking in the regular expression. Impact: denial of service/crash; exploitation details are provided in pu...
PT-2024-20898 · Unknown · Domain-Suffix
Name of the Vulnerable Software and Affected Versions: domain-suffix version 1.0.8. Description: The issue allows attackers to crash the application via crafted input to the parse function, resulting in a Denial of Service. This is achieved through a RegEx Denial of Service in the domain-suffix...
Improper Validation of Syntactic Correctness of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". PoC go import "fmt"...
Vulnerability of the bfd_pef_parse_function_stubs function in the GNU Binutils development environment, caused by buffer overflow in dynamic memory, allowing an attacker to trigger a stack overflow.
The vulnerability of the bfd_pef_parse_function_stubs function in the GNU Binutils development toolset, located in the bfd/pef.c file, is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to trigger a stack overflow...
SUSE CVE-2023-38851
Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018...
CVE-2023-40294
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c...
Denial Of Service (DoS)
github.com/malfunkt/iprange is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the Parse function of y.go, which allows a malicious user to parse a range with a mask larger than 32 bits, which causes a panic, resulting in an application crash...
SUSE CVE-2023-36665
protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
GHSA-H755-8QP9-CQ85 protobufjs Prototype Pollution vulnerability
protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...
CVE-2023-36665
protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
ALPINE-CVE-2023-33460
There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash...