git-url-parse Regular Expression Denial of Service

giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...

CVE-2023-32758

The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : SQL parse vulnerability (USN-6064-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6064-1 advisory. It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to caus...

CVE-2023-31913

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the component parserparseclass at jerry-core/parser/js/js-parser-expr.c...

PT-2023-23515 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 1a2c047 Description: An Assertion Failure was discovered in Jerryscript via the component parser parse class at jerry-core/parser/js/js-parser-expr.c. Recommendations: For Jerryscript version 3.0 commit 1a2c047,...

USN-6064-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service...

CVE-2023-31910

Removed by vendor...

JerryScript 缓冲区错误漏洞

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0.0 1a2c047, which originates in the component parserparsefunctionstatement in /jerry-core/parser/js/js-parser-statm.c contains a heap buffer overflow...

kernel: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in ofgetocmem ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak. ofnodeput will...

kernel: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

PT-2025-26037 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak bug has been identified in the Linux kernel, specifically in the ASoC: mt6359 component. The issue arises in the mt6359 parse dt and mt6359 accdet parse dt functions,...

PT-2023-6791 · Yajl +11 · Yajl +11

Name of the Vulnerable Software and Affected Versions: yajl version 2.1.0 Description: The issue is related to a memory leak caused by the use of the yajl tree parse function in the yajl library. This can lead to out-of-memory conditions in servers, resulting in crashes. The vulnerability can be...

DEBIAN-CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

OESA-2023-1256 protobuf-c security update

This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format. Security Fixes: protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember.CVE-2022-48468...

SUSE CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

SUSE CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

PT-2023-35797 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue was identified, with a crash type of Heap-buffer-overflow READ 1. The crash occurred in the mg mqtt parse function,...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the parseexpr5 function in the /nasm/nasm-parse.c file. Remediation There is no fixed version for yasm. References - GitHub Issue - PoC Credit: z1r00...

PT-2023-7434 · Avahi +9 · Avahi +9

Name of the Vulnerable Software and Affected Versions: Avahi affected versions not specified Description: A vulnerability exists in the avahi rdata parse function of Avahi, which is related to a reachable assertion. This issue can be exploited by an attacker to cause a denial of service...

CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...