Denial Of Service (DoS)

github.com/onosproject/rimedo-ts is vulnerable to Denial Of Service DoS. The vulnerability is due to an out-of-range panic within reader.go, when accessing elements out of the slice bounds, which could result in Denial of Service...

tcpslice: use-after-free in extract_slice()

A heap use-after-free flaw was found in tcpslices' extractslice. This flaw allows an attacker with local network access to pass a specially crafted 'pcap' file to tcpslice, causing segmentation fault. This vulnerability halts or crashes the application, leading to a denial of service...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

CVE-2024-34049

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString0:3, plmnIdString3:" in reader.go...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 is affected by a slice bounds out-of-range panic in reader.go, triggered by returning uint64(b[2])<<16 | uint64(b[1])<

PT-2024-25668 · Open Networking Foundation · Rimedo-Ts

Name of the Vulnerable Software and Affected Versions: Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 Description: The issue is related to a slice bounds out-of-range panic in the code. Specifically, the problem occurs in the line "return uint64b216 | uint64b18 | uint64b0" in th...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

PT-2024-25666 · Open Networking Foundation · Rimedo-Ts

Name of the Vulnerable Software and Affected Versions: Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 Description: The issue is related to a slice bounds out-of-range panic in the "return plmnIdString0:3, plmnIdString3:" line in reader.go. This indicates a problem with how the...

CVE-2024-34049

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 is affected by a slice bounds out-of-range panic in reader.go when executing plmnIdString[0:3] and plmnIdString[3:]. The issue arises from improper bounds handling on the plmnIdString slice, which can lead to a crash (reported as DoS in som...

CVE-2024-34049

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString0:3, plmnIdString3:" in reader.go...

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64b216 | uint64b18 | uint64b0" in reader.go...

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production. Having...

PYSEC-2024-207

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

PT-2024-24739 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. The...

CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

BIT-TENSORFLOW-2021-37686 Infinite loop in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...