golang.org/x/net/html NULL Pointer Dereference vulnerability

The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...

GHSA-5P4H-3377-7W67 golang.org/x/net/html NULL Pointer Dereference vulnerability

The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...

Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

NULL Pointer Dereference

The html package aka x/net/html before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of , , or . This is related to HTMLTreeBuilder.cpp in WebKit...

Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call...

Improper Validation of Array Index

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in insertionModeStack.pop in node.go, called from inHeadIM, during an html.Parse call...

Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

NULL Pointer Dereference

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

Improper Restriction of Operations within the Bounds of a Memory Buffer

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to a "panic: runtime error" index out of range in nodeStack.pop in node.go, called from parser.clearActiveFormattingElements, during an html.Parse call...

NULL Pointer Dereference

The html package aka x/net/html through 2018-09-17 in Go mishandles , leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call...

Stack buffer overflow in RTSP packet parsing

Description A malicious RTSP server can trigger a stack buffer overflow via an RTSP packet with an excessively long content-length due to no bounds check when copying into a fixed sized buffer. Proof of Concept poc.py is available here terminal 1 python3 poc.py 31337 terminal 2 ./configure...

Denial Of Service (DoS)

ethereum/go-ethereum is vulnerable to denial of service DoS attacks. The vulnerability exists due to some unknown functionality of the component Message Handler. An attacker is able to exploit the vulnerability by sending series of messages, causing the system to crash with runtime error: invalid...

UBUNTU-CVE-2021-43668

Go-Ethereum 1.10.9 nodes crash denial of service after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal...

claimRewardAsMochi will produce a runtime error

Handle pauliax Vulnerability details Impact function claimRewardAsMochi in ReferralFeePoolV0 will produce a runtime exception because the length of the path is 2 but it tries to assign 3 entries: address memory path = new address; path0 = addressusdm; path1 = uniswapRouter.WETH; path2 =...

Division by 0 in `Reverse`

Impact An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse: python import tensorflow as tf tensorinput = tf.constant, shape=0, 1, 1, dtype=tf.int32 dims = tf.constantFalse, True, False, shape=3, dtype=tf.bool tf.rawops.Reversetensor=tensorinput, dims=dims This i...

Division by 0 in `FusedBatchNorm`

Impact An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm: python import tensorflow as tf x = tf.constant, shape=1, 1, 1, 0, dtype=tf.float32 scale = tf.constant, shape=0, dtype=tf.float32 offset = tf.constant, shape=0, dtype=tf.float32 mean = tf.constan...

Division by 0 in `QuantizedAdd`

Impact An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedAdd: python import tensorflow as tf x = tf.constant68, 228, shape=2, 1, dtype=tf.quint8 y = tf.constant, shape=2, 0, dtype=tf.quint8 minx = tf.constant10.723421015884028 maxx =...

Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

Impact An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization: python import tensorflow as tf t = tf.constant, shape=0, 0, 0, 0, dtype=tf.quint8 tmin = tf.constant-10.0, dtype=tf.float32 tmax = tf.constant-10.0,...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-37628)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow. The vulnerability stems from an FPE runtime error in tf.rawops.DenseCountSparseOutput. An attacker can exploit the vulnerability to cause a denial of service...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-37631)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow. The vulnerability stems from an FPE runtime error in tf.rawops.SparseMatMul. An attacker can exploit the vulnerability to cause a denial of service...