CVE-2023-32758

The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : SQL parse vulnerability (USN-6064-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6064-1 advisory. It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to caus...

CVE-2023-31913

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the component parserparseclass at jerry-core/parser/js/js-parser-expr.c...

PT-2023-23515 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 1a2c047 Description: An Assertion Failure was discovered in Jerryscript via the component parser parse class at jerry-core/parser/js/js-parser-expr.c. Recommendations: For Jerryscript version 3.0 commit 1a2c047,...

USN-6064-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service...

JerryScript 缓冲区错误漏洞

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0.0 1a2c047, which originates in the component parserparsefunctionstatement in /jerry-core/parser/js/js-parser-statm.c contains a heap buffer overflow...

CVE-2023-31910

Removed by vendor...

kernel: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in ofgetocmem ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak. ofnodeput will...

kernel: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

PT-2025-26037 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak bug has been identified in the Linux kernel, specifically in the ASoC: mt6359 component. The issue arises in the mt6359 parse dt and mt6359 accdet parse dt functions,...

PT-2023-6791 · Yajl +11 · Yajl +11

Name of the Vulnerable Software and Affected Versions: yajl version 2.1.0 Description: The issue is related to a memory leak caused by the use of the yajl tree parse function in the yajl library. This can lead to out-of-memory conditions in servers, resulting in crashes. The vulnerability can be...

DEBIAN-CVE-2022-40318

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

OESA-2023-1256 protobuf-c security update

This is protobuf-c, a C implementation of the Google Protocol Buffers data serialization format. Security Fixes: protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember.CVE-2022-48468...

SUSE CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

SUSE CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

PT-2023-35797 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue was identified, with a crash type of Heap-buffer-overflow READ 1. The crash occurred in the mg mqtt parse function,...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the parseexpr5 function in the /nasm/nasm-parse.c file. Remediation There is no fixed version for yasm. References - GitHub Issue - PoC Credit: z1r00...

PT-2023-7434 · Avahi +9 · Avahi +9

Name of the Vulnerable Software and Affected Versions: Avahi affected versions not specified Description: A vulnerability exists in the avahi rdata parse function of Avahi, which is related to a reachable assertion. This issue can be exploited by an attacker to cause a denial of service...

CVE-2023-29582

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

AZL-26346 CVE-2023-29582 affecting package yasm 1.3.0-17

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...