CVE-2023-45781

In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-40083

In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

PT-2023-29691 · Google · Android

Name of the Vulnerable Software and Affected Versions: The affected software and versions are not specified. Description: The issue is related to a possible out of bounds read in the parse gap data function due to a missing bounds check. This could lead to local information disclosure, requiring...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a missing boundary check in parsegapdata in the utils.cc script. An attacker can exploit this vulnerability to obtain sensitive information...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a missing boundary check in parsegapdata in the utils.cc script. An attacker can exploit this vulnerability to obtain sensitive information...

PT-2023-27258 · Google · Android

Name of the Vulnerable Software and Affected Versions: utils.cc affected versions not specified Description: The issue is related to a possible out of bounds read in the parse gap data function of utils.cc due to a missing bounds check. This could lead to local information disclosure and requires...

PT-2023-7351 · Perl +2 · Perl +2

Name of the Vulnerable Software and Affected Versions: Perl versions 5.30.0 through 5.38.1 Description: The issue is related to the S parse uniprop string function in regcomp.c, which can write to unallocated space due to mishandling of a property name associated with a regular expression...

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". PoC go import "fmt"...

DEBIAN-CVE-2023-48039

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gfmpdparsestring mediatools/mpd.c:75...

UBUNTU-CVE-2023-48039

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gfmpdparsestring mediatools/mpd.c:75...

GPAC Security Vulnerabilities

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version 2.3-DEV-rev617-g671976fcc-master, which stems from a memory leak vulnerability in component gfmpdparsestring mediatools/mpd.c:75...

PT-2023-8888 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC versions 2.3-DEV-rev617-g671976fcc-master Description: The issue is related to a memory leak in the gf mpd parse string function, located in media tools/mpd.c:75, due to the lack of memory release after its effective term of service...

CVE-2023-6038

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

PT-2023-32489 · H2O-3 · H2O-3

Name of the Vulnerable Software and Affected Versions: h2o-3 version 3.40.0.4 Description: A Local File Inclusion LFI issue exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. Th...

The vulnerability of the parse method in the json5 package manager library in NPM allows a hacker to trigger a service failure.

The vulnerability of the parse method in the json5 package manager library from NPM is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to cause service failures...

GPAC Security Vulnerabilities

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.3-DEV-rv566-g50c2ab06f-master, which stems from a buffer overflow vulnerability in the function hevcparsevpsextension...

c-ares: Heap buffer over read in ares_parse_soa_reply

A heap buffer over-read flaw was found in c-ares via the aresparsesoareply function in aresparsesoareply.c...

protobuf-c: unsigned integer overflow in parse_required_member

A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parserequiredmember...

golang: go/parser: Infinite loop in parsing

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...