CURL-CVE-2016-9586 printf floating point buffer overflow
libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. The flaw happens because the floating point conversion is using system functions without the correct boundary check...
cURL -- buffer overflow
The cURL project reports: printf floating point buffer overflow libcurl's implementation of the printf functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes...
CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks...
UBUNTU-CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks...
OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
openssl: doapr_outch function does not verify that certain memory allocation succeeds
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
UBUNTU-CVE-2016-1951
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function...
openssl security update
CentOS Errata and Security Advisory CESA-2016:0996. An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 6 : openssl (RHSA-2016:0996)
An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
openssl: doapr_outch function does not verify that certain memory allocation succeeds
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
CentOS Update for openssl CESA-2016:0722 centos7
Check the version of openssl. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882486");...
OpenSSL: Fix memory issues in BIO_*printf functions
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application...
FreeBSD-SA-16:12.openssl
FreeBSD-SA-16:12.openssl Security Advisory, The FreeBSD Project. Topic: Multiple OpenSSL vulnerabilities. Category: contrib. Module: openssl. Announced: 2016-03-10. Credits:...
OpenSSL BIO_printf Function Heap Memory Corruption Vulnerability
OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. The BIO_printf...
sqlite: stack buffer overflow in src/printf.c
It was found that SQLite's sqlite3VXPrintf function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts...
USN-2698-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2013-7443) Michal Zalewski...
CVE-2015-3717
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...