Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from a slice function that may skip side-effect evaluation when the output length is zero...

PT-2025-21348 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue concerns the slice builtin in Vyper, which can elide side effects when the output length is 0 and the source bytestring is a builtin, such as msg.data or .code. This occurs...

SUSE CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

CVE-2025-37821

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

UBUNTU-CVE-2025-37821

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

CVE-2025-37821 sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

CVE-2025-37821

The CVE-2025-37821 issue in the Linux kernel’s scheduler (eevdf) caused se->slice to be set to U64_MAX during a complex dequeue sequence, leading to a large, destabilizing vruntime/vlag mismatch and a potential crash. The root cause was that, when dequeuing a delayed group entity whose parent ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly set scheduler slice, which could cause the kernel to crash...

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 sli...

PT-2025-39403

Name of the Vulnerable Software and Affected Versions pytorch version 2.8.0 Description An issue in the torch.linalg.lu component allows attackers to cause a Denial of Service DoS when performing a slice operation. Recommendations At the moment, there is no information about a newer version that...

SUSE CVE-2025-22001

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaicvalidatereq These are u64 variables that come from the user via qaicattachsliceboioctl. Use checkaddoverflow to ensure that the math doesn't have an integer wrapping bug...

AZL-59870 CVE-2025-22001 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaicvalidatereq These are u64 variables that come from the user via qaicattachsliceboioctl. Use checkaddoverflow to ensure that the math doesn't have an integer wrapping bug...

UBUNTU-CVE-2025-22001

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaicvalidatereq These are u64 variables that come from the user via qaicattachsliceboioctl. Use checkaddoverflow to ensure that the math doesn't have an integer wrapping bug...

CVE-2025-22001 accel/qaic: Fix integer overflow in qaic_validate_req()

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaicvalidatereq These are u64 variables that come from the user via qaicattachsliceboioctl. Use checkaddoverflow to ensure that the math doesn't have an integer wrapping bug...

GHSA-GV7F-5QQH-VXFX xous has unsound usages of `core::slice::from_raw_parts`

We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...

xous has unsound usages of `core::slice::from_raw_parts`

We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...

RUSTSEC-2024-0431 Unsound usages of `core::slice::from_raw_parts`

We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...

linkme fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...

GHSA-F95P-4CV5-8W8X linkme fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...

CVE-2018-9423

In ihevcdparsesliceheader of ihevcdparsesliceheader.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation...