PT-2024-6107 · Go +10 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 and 1.22.1 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This ca...

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

PT-2024-40568 · Git +1 · Glslang

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including glslang::TInfoSinkBase::location,...

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

kernel: smb: client: fix potential OOBs in smb2_parse_contexts()

A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts...

Uncontrolled Resource Consumption ('Resource Exhaustion')

Overview Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' due to the parse and parsenat functions. An attacker can cause a denial of service by sending specially crafted inputs that are excessively long. Workaround Ensure that Fugit.parse...

CVE-2024-43380 fugit parse and parse_nat stall on lengthy input

fugit contains time tools for flor and the floraison group. The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sigh...

OSV-2024-868 Use-of-uninitialized-value in evutil_inet_pton

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69173 Crash type: Use-of-uninitialized-value Crash state: evutilinetpton bracketaddrok parseauthority...

PT-2024-40855 · Jq · Jq

Name of the Vulnerable Software and Affected Versions: jq affected versions not specified Description: The issue is related to a heap buffer overflow read, which occurs in the jq software. The crash state indicates that the functions jv parse, f tonumber, and jq next are involved in the issue...

PT-2024-40853 · Git +1 · Gpsd

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash occurs in the packet parse function, located in t...

kernel: cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

UBUNTU-CVE-2024-42353

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...

The vulnerability of the GenericReader::ParseNumber() function in the RapidJSON library for processing JSON files on Windows operating systems allows a malicious individual to escalate their privileges.

The vulnerability of the GenericReader::ParseNumber function in the RapidJSON library for processing JSON files on Windows operating systems is related to integer overflow. Exploiting this vulnerability can allow an attacker to enhance their privileges through the use of a specially created...

orc: Stack-based buffer overflow vulnerability in ORC

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...

kernel: net: ieee802154: fix null deref in parse dev addr

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...

kernel: net: ieee802154: fix null deref in parse dev addr

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: fix null deref in parse dev addr Fix a logic error that could result in a null deref if the user sets the mode incorrectly for the given addr type...

kernel: use-after-free in kv_parse_power_table

A use-after-free flaw was found in kvparsepowertable in drivers/amd/pm in the Linux kernel. When ps equals NULL, kvparsepowertable frees adev-pm.dpm.ps. The adev-pm.dpm.ps is used in the loop of kvdpmfini after its first free in kvparsepowertable, causing a use-after-free problem...

The vulnerability of the taprio_parse_mqprio_opt() function in the network/scheduler subsystem of the Linux operating system allows a attacker to compromise the integrity and accessibility of protected information.

The vulnerability of the taprioparsemqprioopt function in the net/sched/schtaprio.c module, part of the network scheduling subsystem in the Linux operating system’s kernel, is related to insufficient validation of data received from users. Exploiting this vulnerability could allow an attacker to...

The vulnerability of the parse_btf_field() function in the Linux kernel debugging subsystem allows a attacker to cause a service failure.

The vulnerability of the parsebtffield function in the kernel/trace/traceprobe.c module of the Linux kernel’s tracing subsystem is related to improper code validation for the btffindstructmember function’s return value. Exploiting this vulnerability could allow an attacker to trigger a service...

RUSTSEC-2024-0362 Stack overflow when parsing specially crafted JSON ABI strings

Affected versions of the alloy-json-abi crate did not properly handle parsing of malformatted JSON ABI strings. The JsonAbi::parse method can be tricked into a stack overflow when processing specially crafted input. This stack overflow can lead to a crash of the application using this crate,...