Moderate: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern

A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflo...

glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern

A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflo...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= of plugin.php is vulnerable to reflected cross site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php 🕵️‍♂️ Proof of Concept 1. Visit...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= is vulnerable to reflected cross site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. 🕵️‍♂️ Proof...

sqlite: integer overflow in sqlite3_str_vappendf function in printf.c

An integer overflow flaw was found in the SQLite implementation of the printf function. This flaw allows an attacker who can control the precision of floating-point conversions, to crash the application, resulting in a denial of service...

Denial Of Service (DoS)

mpv is vulnerable to denial of service. An attacker is able to crash the application through a buffer overflow by specifying a printf format string which is not verified...

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)

Linux/x86 - execve/bin/sh Shellcode 17 bytes Author: s1ege Tested on: i686 GNU/Linux Shellcode length: 17 / ; nasm -felf32 shellcode.asm && ld -melfi386 shellcode.o -o shellcode section .text global start start: push 0x0b pop eax push 0x0068732f push 0x6e69622f mov ebx, esp int 0x80 / include...

SUSE SLES12 Security Update : glibc (SUSE-SU-2021:1165-1)

This update for glibc fixes the following issues : CVE-2020-27618: Accept redundant shift sequences in IBM1364 bsc1178386 CVE-2020-29562: Fix incorrect UCS4 inner loop bounds bsc1179694 CVE-2020-29573: Harden printf against non-normal long double values bsc1179721 Check vector support in memmove...

SUSE-SU-2021:1165-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2020-27618: Accept redundant shift sequences in IBM1364 bsc1178386 - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds bsc1179694 - CVE-2020-29573: Harden printf against non-normal long double values bsc1179721 - Check vector support in...

printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

1ib (>=1.0.9 <=1.0.11), 4front-cli (>=0.0.1 <=0.0.20) +375 more potentially affected by CVE-2021-23354 via printf (>=0.0.4 <=0.6.0)

printf NPM version =0.0.4, =1.0.9, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.5, =1.3.0, =1.2.26, =1.2.31, =7.54.0 and more Source cves: CVE-2021-23354 Source advisory: OSV:GHSA-XFHP-GMH8-R8V2...

GHSA-XFHP-GMH8-R8V2 printf vulnerable to Regular Expression Denial of Service (ReDoS)

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string regex /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

Design/Logic Flaw

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

CVE-2021-23354

CVE-2021-23354 affects the Node.js printf package prior to 0.6.1. A vulnerable regex in lib/printf.js can cause a Regular Expression Denial of Service (ReDoS) with cubic worst-case time complexity. Exposure is tied to the printf implementation, not a broader platform. To remediate, upgrade to 0.6...

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

Worms David node-printf 安全漏洞

Worms David node-printf is an open source application by Worms David. A fully implemented printfC function family for Node.js, written in pure JavaScript. A security vulnerability exists in node-printf before 0.6.1, which stems from vulnerability to regular expression denial of service ReDoS...

PT-2021-15456 · Printf · Printf

Name of the Vulnerable Software and Affected Versions: printf versions prior to 0.6.1 Description: The issue concerns a Regular Expression Denial of Service ReDoS vulnerability via a regex string in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity, which can b...