33 matches found
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
GHSA-FJ2X-735W-74VQ gnark-crypto allows unchecked memory allocation during vector deserialization
The issue has been reported by @raefko from @fuzzinglabs. Excerpts from the report: A critical vulnerability exists in the gnark-crypto library's Vector.ReadFrom function that allows an attacker to trigger arbitrary memory allocation by crafting malicious input data. An attacker can cause the...
CVE-2023-21272
In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18052 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a possible bad URI permission grant due to improper input validation in the readFrom method of Uri.java. This could lead to local escalation of privilege with no...
Google Android 输入验证错误漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from improper input validation in the readFrom module of Uri.java, which can be exploited by an attacker to gain elevated privileges...
CVE-2022-20338
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User...
LIM OpenEXR Denial of Service Vulnerability (CNVD-2017-32289)
LIM OpenEXR is an image file format developed by Industrial Light and Magic LIM in the United States for high dynamic range HDR images. A security vulnerability exists in the 'Header::readfrom' function in the IlmImf/ImfHeader.cpp file in LIM OpenEXR version 2.2.0. A remote attacker can exploit...
CVE-2017-14988
DISPUTED Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties...
CVE-2017-14988
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service excessive memory allocation via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe tha...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...