Nanopb 安全漏洞

Nanopb is a protocol buffer implementation for microprocessors by the individual developer of Nanopb. A security vulnerability exists in Nanopb that results in invalid "free" or "realloc" calls...

GitHub Security Lab: ihsinme: CPP Add query for CWE-401 memory leak on unsuccessful call to realloc function

This bug was reported directly to GitHub Security Lab...

CentOS 8 : curl (CESA-2020:1792)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1792 advisory. - curl: TFTP receive heap buffer overflow in tftpreceivepacket function CVE-2019-5436 - curl: double free due to subsequent call of realloc CVE-2019-54...

DEBIAN-CVE-2020-35861

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...

UBUNTU-CVE-2020-35861

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...

Rust Buffer Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in bumpalo crate before 3.2.1 for Rust, which stems from a realloc feature that allows reading of unknown memory. An attacker can exploit this vulnerability to potentially read...

The vulnerability of the realloc function in the Pillow image processing library allows a malicious actor to cause a service failure.

The vulnerability of the realloc function in the Pillow image processing library libImaging/TiffDecode.c is due to a numerical overflow during the processing of TIFF images. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command where overflow checks are missing before calling realloc or calloc.

...

DEBIAN-CVE-2020-29361

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc...

ALPINE-CVE-2020-29361

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc...

UBUNTU-CVE-2020-29361

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc...

curl: double free due to subsequent call of realloc()

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3...

Moderate: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

RHEL 8 : curl (RHSA-2020:1792)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1792 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

RUSTSEC-2020-0006 Flaw in `realloc` allows reading unknown memory

When reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize number of bytes in the old allocation, but we were accidentally copying newsize number of bytes, which could lead to copying bytes into the realloc'd space from past the chu...

Flaw in `realloc` allows reading unknown memory

When reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize number of bytes in the old allocation, but we were accidentally copying newsize number of bytes, which could lead to copying bytes into the realloc'd space from past the chu...

CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer i.e., the first argument to realloc is also used for a realloc return value...

curl: double free due to subsequent call of realloc()

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3...

UBUNTU-CVE-2019-19344

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc while other local variables still point at the original buffer...

Use after free during DNS zone scavenging

Description Samba 4.9 introduced an off-by-default feature to tombstone dynamically created DNS records that had reached their expiry time. This feature is controlled by the smb.conf option: dns zone scavenging = yes There is a use-after-free issue in this code, essentially due to a call to reall...