JLSEC-2026-225 Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

GHSA-48C2-RRV3-QJMP yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

EUVD-2026-10374

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-siz...

EUVD-2020-19787

Malware in sbrugna...

EUVD-2012-1143

Malware in sbrugna...

BIT-LIBPYTHON-2024-11168 Improper validation of IPv6 and IPvFuture addresses

The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser...

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the mbedtlspemreadbuffer, mbedtlspkparse and mbedtlspkparsekeyfile functions when processing untrusted PEM input. An attacker can cause a one-byte heap-based buffer underflow by supplying specially crafted PEM data...

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...

AZL-54419 CVE-2024-45338 affecting package gh for versions less than 2.62.0-5

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54524 CVE-2024-45338 affecting package influxdb for versions less than 2.6.1-19

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

DEBIAN-CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

PT-2024-10470

Name of the Vulnerable Software and Affected Versions Golang versions prior to the fixed version Description The issue is related to uncontrolled resource consumption in the Golang programming language. An attacker can craft an input to the Parse functions that would be processed non-linearly wit...

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint bsc1230254. CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob bsc1230253. CVE-2024-34155: Fixed stack exhaustion in all Parse functions...

CLSA-2024-1729627193 Fix CVE(s): CVE-2023-27043

SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - CVE-2023-27043...

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

CVE-2024-21493

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead ...

OESA-2023-1663 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.CVE-2023-24537...

kernel: ASoC: mt6359: Fix refcount leak bug

In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6359: Fix refcount leak bug In mt6359parsedt and mt6359accdetparsedt, we should call ofnodeput for the reference returned by ofgetchildbyname which has increased the refcount...

Denial Of Service (DoS)

github.com/golang/go is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an infinite loop via integer overflows when calling any of the Parse functions which contain //line directives with very large line numbers, which can cause the application to crash...