PT-2023-2770 · Ntp +3 · Ntp +3
Name of the Vulnerable Software and Affected Versions: NTP version 4.2.8p15. Description: The issue is related to an out-of-bounds write in the praecis_parse function in ntpd/refclock_palisade.c. This could potentially allow a remote attacker to cause a denial of service by sending a specially...
PT-2023-6370 · Unknown · Supportcandy
Name of the Vulnerable Software and Affected Versions: SupportCandy versions prior to 3.1.5. Description: The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable...
AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
AZL-37319 CVE-2023-24537 affecting package golang for versions less than 1.21.6-1
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
AZL-79120 CVE-2023-24537 affecting package golang 1.25.7-1
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
AZL-37352 CVE-2023-24537 affecting package golang for versions less than 1.21.6-1
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
DEBIAN-CVE-2023-24538
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
AZL-26026 CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
Integer overflow
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
CVE-2023-24537
CVE-2023-24537 affects the Go parser (go/parser) when processing Go source containing //line directives with very large line numbers, causing an infinite loop due to integer overflow. Documents confirm this vulnerability in golang/go and note that patched versions are available in affected distri...
SUSE CVE-2023-24538
Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...
PT-2023-35753 · Git +1 · Binutils
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided input. Description: The issue is related to a heap-use-after-free READ 3 crash type. The crash state involves functions such as filename_cmp, debug_start_source, and parse_stab. N...
CVE-2023-24537
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...
PT-2023-9029 · Golang +10 · Golang +10
Name of the Vulnerable Software and Affected Versions: Golang, affected versions not specified. Description: The issue is related to the consumption of large amounts of CPU and memory when processing form inputs containing a large number of parts. This can be caused by several factors, including th...
PT-2023-9785 · Go +10 · Go +10
Name of the Vulnerable Software and Affected Versions: Go, affected versions not specified. Description: The issue is related to the Parse function in the Go programming language, which can cause an infinite loop due to integer overflow when processing Go source code containing //line directives wi...
UBUNTU-CVE-2023-26916
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c...
PT-2023-9144
Name of the Vulnerable Software and Affected Versions: libyang versions 2.0.164 through 2.1.30. Description: The issue is related to a NULL pointer dereference in the lys_parse_mem function of the libyang library, which is used for YANG data modeling language parsing. This could allow a remote...
Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System
Summary: Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details: CVEID: CVE-2021-23346. DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...