332 matches found
Slackware Linux 14.0 / 14.1 / 14.2 / current expat Multiple Vulnerabilities (SSA:2022-016-01)
The version of expat installed on the remote host is prior to 2.4.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-016-01 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to...
DEBIAN-CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
UBUNTU-CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
Expat Resource Management Error Vulnerability
Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat aka libexpat prior to 2.4.3: a left shift by 29 or more bits in the storeAtts function in xmlparse.c may cause realloc misbehavior e.g., allocating too few bytes too...
OSV-2021-1628 Stack-buffer-overflow in sprint_realloc_hinted_integer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41372 Crash type: Stack-buffer-overflow WRITE 1 Crash state: sprint_realloc_hinted_integer sprint_realloc_integer snprint_integer...
Heap-based Buffer Overflow in mruby/mruby
Description Heap buffer overflow on mrb-vm-exec Proof of Concept // poc.rb 1.timesuntil% ;break Result ./mruby poc.rb ================================================================= ==1451==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000023d9 at pc 0x55b2fc3f1046 bp...
GHSA-VQX7-PW4R-29RR Out of bounds read in bumpalo
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...
Out of bounds read in bumpalo
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...
EulerOS Virtualization 3.0.2.2 : p11-kit (EulerOS-SA-2021-2155)
According to the version of the p11-kit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations...
p11-kit security, bug fix, and enhancement update
0.23.22-1 - Rebase to 0.23.22 to fix memory safety issues CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363 - Preserve DT_NEEDED information from the previous version, flagged by rpmdiff - Add xsltproc to BR 0.23.21-4 - Fix realloc usage on proxy cleanup 1894979 - Make 'trust anchor --store'...
p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc...
DEBIAN-CVE-2021-21401
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...
Null pointer dereference
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...
PYSEC-2021-432
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...
CVE-2021-21401
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...
Nanopb Security Vulnerability
Nanopb is a protocol buffer implementation for microprocessors by the individual developer of Nanopb. A security vulnerability exists in Nanopb that results in invalid "free" or "realloc" calls...
GitHub Security Lab: ihsinme: CPP Add query for CWE-401 memory leak on unsuccessful call to realloc function
This bug was reported directly to GitHub Security Lab...