Hamba avro 资源管理错误漏洞

Avro is a fast Go Avro codec in the hamba open source. A resource management error vulnerability exists in Hamba avro that stems from using partial input from Unmarshal to determine the size when creating a new slice, allowing an arbitrary amount of memory to be consumed, causing the program to...

XKCP: buffer overflow in the SHA-3 reference implementation

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

XKCP: buffer overflow in the SHA-3 reference implementation

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...

CVE-2022-37454

A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic...