6933 matches found

Vulnrichment
added 2023/04/13 12:0 a.m. · 3 views

CVE-2022-48468

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member...

7.5 AI score · 0.00366 EPSS
Exploits 0 · References 7
Veracode
added 2023/04/11 11:40 p.m. · 38 views

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...

7.5 CVSS · 8.3 AI score · 0.01401 EPSS
Exploits 0 · References 7 · Affected Software 14
OSV
added 2023/04/11 9:15 p.m. · 1 views

UBUNTU-CVE-2023-26555

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

6.4 CVSS · 7.1 AI score · 0.00517 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/04/11 12:0 a.m. · 2 views

PT-2023-2770 · Ntp +3 · Ntp +3

Name of the Vulnerable Software and Affected Versions: NTP version 4.2.8p15 Description: The issue is related to an out-of-bounds write in the praecis_parse function in ntpd/refclock_palisade.c. This could potentially allow a remote attacker to cause a denial of service by sending a specially...

6.4 CVSS · 6.6 AI score · 0.00697 EPSS
Exploits 0 · References 43
Positive Technologies
added 2023/04/10 12:0 a.m. · 6 views

PT-2023-6370 · Unknown · Supportcandy

Name of the Vulnerable Software and Affected Versions: SupportCandy versions prior to 3.1.5 Description: The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable...

10 CVSS · 9.9 AI score · 0.40586 EPSS
Exploits 1 · References 7
OSV
added 2023/04/06 4:15 p.m. · 5 views

AZL-26026 CVE-2023-24537 affecting package golang for versions less than 1.20.7-1

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 6.8 AI score · 0.01401 EPSS
Exploits 0 · References 1
OSV
added 2023/04/06 4:15 p.m. · 3 views

AZL-79120 CVE-2023-24537 affecting package golang 1.25.7-1

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 6.8 AI score · 0.01401 EPSS
Exploits 0 · References 1
OSV
added 2023/04/06 4:15 p.m. · 5 views

AZL-37411 CVE-2023-24538 affecting package golang for versions less than 1.21.6-1

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS · 6.8 AI score · 0.02281 EPSS
Exploits 0 · References 1
OSV
added 2023/04/06 4:15 p.m. · 25 views

CVE-2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 6
OSV
added 2023/04/06 4:15 p.m. · 4 views

AZL-37352 CVE-2023-24537 affecting package golang for versions less than 1.21.6-1

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 6.8 AI score · 0.01401 EPSS
Exploits 0 · References 1
OSV
added 2023/04/06 4:15 p.m. · 2 views

DEBIAN-CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS · 6.7 AI score · 0.02281 EPSS
Exploits 0 · References 1
OSV
added 2023/04/06 4:15 p.m. · 4 views

AZL-37319 CVE-2023-24537 affecting package golang for versions less than 1.21.6-1

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 6.8 AI score · 0.01401 EPSS
Exploits 0 · References 1
UbuntuCve
added 2023/04/06 4:15 p.m. · 26 views

CVE-2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

7.5 CVSS · 6.9 AI score · 0.01401 EPSS
Exploits 0 · References 8
Prion
added 2023/04/06 4:15 p.m. · 24 views

Integer overflow

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

5 CVSS · 8.6 AI score · 0.01401 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2023/04/06 3:50 p.m. · 702 views

CVE-2023-24537

CVE-2023-24537 affects the Go parser (go/parser) when processing Go source containing //line directives with very large line numbers, causing an infinite loop due to integer overflow. Documents confirm this vulnerability in golang/go and note that patched versions are available in affected distri...

7.5 CVSS · 8.7 AI score · 0.01401 EPSS
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2023/04/06 1:57 a.m. · 2 views

SUSE CVE-2023-24538

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

5.9 CVSS · 7.3 AI score · 0.02281 EPSS
Exploits 0 · References 13
Positive Technologies
added 2023/04/05 12:0 a.m. · 2 views

PT-2023-35753 · Git +1 · Binutils

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided input. Description: The issue is related to a heap-use-after-free READ 3 crash type. The crash state involves functions such as filename_cmp, debug_start_source, and parse_stab. N...

6.9 AI score
Exploits 0 · References 2
RedhatCVE
added 2023/04/04 8:43 p.m. · 50 views

CVE-2023-24537

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service...

7.5 CVSS · 8.3 AI score · 0.01401 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/04/04 12:0 a.m. · 6 views

PT-2023-9029 · Golang +10 · Golang +10

Name of the Vulnerable Software and Affected Versions: Golang affected versions not specified Description: The issue is related to the consumption of large amounts of CPU and memory when processing form inputs containing a large number of parts. This can be caused by several factors, including th...

9.8 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits 23 · References 302
Positive Technologies
added 2023/04/04 12:0 a.m. · 6 views

PT-2023-9785 · Go +10 · Go +10

Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue is related to the Parse function in the Go programming language, which can cause an infinite loop due to integer overflow when processing Go source code containing //line directives wi...

9.8 CVSS · 7.5 AI score · 0.99999 EPSS
Exploits 29 · References 302