2 matches found
CVE-2026-49839 jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
OpenEBS Local PV RawFile 信息泄露漏洞
OpenEBS Local PV RawFile is an OpenEBS open source for creating local storage in Kubernetes. An information disclosure vulnerability exists in OpenEBS Local PV RawFile versions prior to 0.10.0 that stems from persistent volume data being globally readable, which could lead to unprivileged users...