golang: go/parser: Infinite loop in parsing
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...
GNU Binutils buffer error vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to handle object files (e.g., executables and libraries), covering the compilation, linking, debugging, and other phases of the toolchain. An out-of-bounds read vulnerability exists in GNU Binutils, which originates in...
Denial of Service (DoS)
@parse/push-adapter is vulnerable to Denial of Service (DoS). The vulnerability exists because the library does not properly validate the push notification payload, which allows an attacker to crash the Parse Server by providing an invalid push notification payload...
Invalid push request payload crashes Parse Server
Impact: The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. Patches: An invalid push notification payload is caught and logged. Workarounds: n/a. References: -...
GHSA-MXHG-RVWX-X993 Invalid push request payload crashes Parse Server
Impact: The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. Patches: An invalid push notification payload is caught and logged. Workarounds: n/a. References: -...
@evocodes/parse-server (>=2.2.11 <=2.2.27), @m1r4ge/parse-server (>=2.2.7 <=2.2.11) +36 more potentially affected by CVE-2023-32688 via parse-server-push-adapter (>=1.0.4 <=1.3.0)
parse-server-push-adapter NPM version =1.0.4, =2.2.11, =2.2.7, =2.2.7, =0.1.7, =0.0.1, =1.0.0, =2.2.3, =2.3.8, =2.2.18-mod, =2.2.25, =2.2.17, =2.3.3 and more Source cves: CVE-2023-32688 Source advisory: OSV:GHSA-MXHG-RVWX-X993...
PT-2023-23963 · Unknown · Parse-Server-Push-Adapter
Name of the Vulnerable Software and Affected Versions: parse-server-push-adapter versions prior to 4.1.3 Description: The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. Recommendations: For versions prior to 4.1.3, update to version 4.1.3 to resolve...
DEBIAN-CVE-2023-2789
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...
Design/Logic Flaw
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...
CVE-2023-2789 GNU cflow parser.c parse_variable_declaration denial of service
A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-22937...
PT-2023-21939 · Netconsd · Netconsd
Name of the Vulnerable Software and Affected Versions: netconsd versions prior to 0.2 Description: The issue is related to an integer overflow in the parse packet function, which can be exploited by a malicious individual to create heap memory corruption with attacker-controlled data...
GNU cflow security vulnerability
GNU cflow is a flowchart generator from the GNU community that reads C source files and generates external reference flowcharts. A security vulnerability exists in GNU cflow version 1.7, which stems from a problem with the function func_body/parse_variable_declaration in parser.c, resulting in...
The vulnerability of the praecis_parse function (ntpd/refclock_palisade.c) in the ntpd daemon, which is part of the NTP synchronization protocol, allows an attacker to cause a service failure.
The vulnerability of the praecis_parse function (ntpd/refclock_palisade.c) in the ntpd daemon, which implements the NTP synchronization protocol, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by...
CVE-2023-32991
A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML...
golang: go/parser: stack exhaustion in all Parse* functions
A flaw was found in the golang standard library, go/parser. When calling any of the Parse functions on Go source code that contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...
frr: out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service
A vulnerability was found in FRRouting. This issue occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. An out-of-bounds read in the BGP daemon may lead to a segmentation fault and a denial of service...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2 modules are vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS). By sending...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2021-23343 DESCRIPTION: path-parse is vulnerable to a denial of service. By sending a specially crafted request via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions, a remote...
agogosml-cli (=0.1.2), chip-wallet-dstack (>=1.3.0 <=1.5.0) +23 more potentially affected by CVE-2023-32758 via git-url-parse (>=1.0.2 <=1.2.2)
git-url-parse PYPI version =1.0.2, =1.3.0, =1.11.4, =0.3.1.1, =0.5.0, =0.0.4, =0.1.2, =0.1.0, =0.0.1, =0.25.0, =0.3.10, =0.6.8 and more Source cves: CVE-2023-32758 Source advisory: OSV:GHSA-4XQQ-73WG-5MJP...
GHSA-4XQQ-73WG-5MJP git-url-parse Regular Expression Denial of Service
giturlparse, aka git-url-parse, through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git...