89 matches found
PT-2024-25937 · Unknown · Faucet Sdn Ryu
Name of the Vulnerable Software and Affected Versions: Faucet SDN Ryu version 4.34. Description: The issue allows attackers to cause a denial of service (infinite loop) via inst.length=0 in OFPFlowStats in parser.py. Recommendations: For version 4.34, consider disabling the OFPFlowStats function in...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service caused by a bug in the parser [CVE-2023-5072]
Summary: JSON-java is used by the IBM Datapower Operations Dashboard in its parsing infrastructure. Vulnerability Details: CVEID: CVE-2023-5072. DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could...
JSON-java: parser confusion leads to OOM
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS)...
Java: DoS Vulnerability in JSON-JAVA
Summary: A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to...
PYSEC-2023-246
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...
CVE-2023-5072
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service (DoS). Mitigation: No current mitigation is available for this flaw...
Input validation
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used...
UBUNTU-CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used...
SUSE-SU-2023:1686-2 Security update for libmicrohttpd
This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745)...
SUSE-SU-2023:1944-1 Security update for libmicrohttpd
This update for libmicrohttpd fixes the following issues: - CVE-2023-27371: Fixed parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745)...
SUSE CVE-2016-7931
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print()...
SUSE CVE-2016-7984
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print()...
SUSE CVE-2016-9435
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted HTML file, related to tags...
SUSE CVE-2018-15856
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files...
CVE-2023-24040
The CVE-2023-24040 issue affects Common Desktop Environment (CDE) 1.6, where a bug in dtprintinfo’s handling of the lpstat parser during the listing of available printers allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This input manipulation can ...
CVE-2023-24040
dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users t...