6865 matches found
GO-2024-3107 Stack exhaustion in Parse in go/build/constraint
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
Uncontrolled Recursion
Overview: std/go/build/constraint is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stac...
golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...
SUSE CVE-2024-45508
HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...
UBUNTU-CVE-2024-45508
HTMLDOC before 1.9.19 has an out-of-bounds write in parseparagraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node...
HTMLDOC Security Vulnerability
HTMLDOC is an open source program by Michael R Sweet, an individual developer, that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF format files. A security vulnerability exists in HTMLDOC versions prior to 1.9.19, which stems from an out-of-bounds write in the...
IBM Lotus Notes Sametime Room Name Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...
DEBIAN-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...
UBUNTU-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...
PT-2024-6107 · Go +10 · Go +10
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 and 1.22.1 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This ca...
orc: Stack-based buffer overflow vulnerability in ORC
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
PT-2024-40568 · Git +1 · Glslang
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including glslang::TInfoSinkBase::location,...
kernel: smb: client: fix potential OOBs in smb2_parse_contexts()
A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview: Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the parse and parse_nat functions. An attacker can cause a denial of service by sending specially crafted inputs that are excessively long. Workaround: Ensure that Fugit.parse...
CVE-2024-43380 fugit parse and parse_nat stall on lengthy input
fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...
OSV-2024-868 Use-of-uninitialized-value in evutil_inet_pton
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69173 Crash type: Use-of-uninitialized-value Crash state: evutil_inet_pton, bracket_addr_ok, parse_authority...
PT-2024-40853 · Git +1 · Gpsd
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash occurs in the packet parse function, located in t...
PT-2024-40855 · Jq · Jq
Name of the Vulnerable Software and Affected Versions: jq affected versions not specified Description: The issue is related to a heap buffer overflow read, which occurs in the jq software. The crash state indicates that the functions jv_parse, f_tonumber, and jq_next are involved in the issue...