Stack overflow

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

CVE-2023-50730

CVE-2023-50730 affects Grackle, a Scala GraphQL server. The vulnerabilities arise from two stack-related issues: (1) cyclic GraphQL fragments could trigger a JVM StackOverflowError during type checking/compilation, and (2) the cats-parse recursive operator used in the parser isn’t stack-safe, ena...

PT-2023-8145

Name of the Vulnerable Software and Affected Versions Barracuda ESG Appliance versions 5.1.3.001 through 9.2.1.001 Description The issue is related to a case of arbitrary code execution that resides within a third-party and open-source library named Spreadsheet::ParseExcel, used by the Amavis...

PT-2023-35651 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 1 crash type. The crash state involves functions such as htmlParseDocument, htmlDoRead, and...

PT-2023-35650 · Git +1 · Libavc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write crash. Technical details about the crash include the functions isvcd start of pic, isvcd parse decod...

SUSE CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

avahi: Reachable assertion in avahi_rdata_parse

A vulnerability was found in Avahi. A reachable assertion exists in the avahirdataparse function...

CVE-2023-48631

@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS...

PT-2023-35642 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlDictLookupInternal,...

DEBIAN-CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVE-2023-34194

CVE-2023-34194 affects TinyXML (TinyXML library) where StringEqual in TiXmlDeclaration::Parse within tinyxmlparser.cpp can trigger a reachable assertion and process exit when parsing a crafted XML containing a '\0' after whitespace. Affected versions include TinyXML up to 2.6.2. Debian LTS, Magei...

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

kernel: use-after-free vulnerability in the smb client component

A flaw was found in the SMB client component in the Linux kernel. In case of an error in smb3fscontextparseparam, ctx-password was freed, but the field was not set to NULL, potentially leading to a use-after-free vulnerability. This flaw allows a local user to crash or potentially escalate their...

PT-2023-9053 · Jsonpath +1 · Jsonpath +1

Name of the Vulnerable Software and Affected Versions: json-path version 2.8.0 Description: The issue is related to a stack overflow in the Criteria.parse method of the json-path library. This can potentially allow a remote attacker to cause a denial of service. Recommendations: For json-path...

PT-2023-35627 · Git +1 · Quickjs

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue has been identified, potentially causing a crash. The crash occurs in the js is live code, js parse statement or decl,...

The vulnerability of the cmNetBiosParseName function in Canon printer software of the imageCLASS D, imageCLASS MF, imageCLASS LBP, imagePROGRAF, PIXMA, MAXIFY series allows a hacker to execute arbitrary code.

The vulnerability of the cmNetBiosParseName function in Canon printer microprogramming systems of the imageCLASS D, imageCLASS MF, imageCLASS LBP, imagePROGRAF, PIXMA, and MAXIFY series is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to...