CVE-2020-29244

dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...

CVE-2020-29244

The CVE-2020-29244 entry concerns the Go library github.com/dhowden/tag. It is triggered by improper bounds checking in functions such as readTextWithDescrFrame (and related readPICFrame/readAtomData paths), causing a panic: runtime error: slice bounds out of range. Exposures reported as a Denial...

Dhowden Tag Input Validation Error Vulnerability

Dhowden Tag is a Go-based MP3/MP4/OGG/FLAC metadata parsing library by Dhowden's personal developer. A security vulnerability exists in dhowden tag versions prior to 2020-11-19, which allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame...

CVE-2020-35381

jsonparser 1.0.0 allows attackers to cause a denial of service panic: runtime error: slice bounds out of range via a GET call...

CVE-2020-35381

jsonparser 1.0.0 allows attackers to cause a denial of service panic: runtime error: slice bounds out of range via a GET call...

RUSTSEC-2020-0073 Mutable reference with immutable provenance

A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::asptr. Instead, slice::asmutptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...

Mutable reference with immutable provenance

A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::asptr. Instead, slice::asmutptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...

Sheng Zhang-Slice App has Denial of Service Vulnerability

Moment is a social chat app. A denial-of-service vulnerability exists in the Zhangsheng-Slice Moment app, which can be exploited by an attacker to cause a running app application to crash...

GHSA-PP7H-53GX-MX7R Remote Memory Exposure in bl

A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...

CVE-2020-8244

A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...

Design/Logic Flaw

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

OSV-2020-1377 Segv on unknown address in slice_segment_header::operator=

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22924 Crash type: Segv on unknown address Crash state: slicesegmentheader::operator= slicesegmentheader::read decodercontext::readsliceNAL...

OSV-2020-1030 Heap-buffer-overflow in ih264d_compute_bs_non_mbaff_thread

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16505 Crash type: Heap-buffer-overflow READ 8 Crash state: ih264dcomputebsnonmbaffthread ih264drecondeblkslice ih264drecondeblkthread...

CVE-2020-0219

In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081...

CVE-2020-0194

In ihevcdparsesliceheader of ihevcdparsesliceheader.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Andro...

CVE-2020-0188

In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-0114

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed...

kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications

A flaw was found in the Linux kernel’s scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a specific workload type could abuse this...

kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications

A flaw was found in the Linux kernel’s scheduler, where it can allow attackers to cause a denial of service against non-CPU-bound applications by generating a workload that triggers unwanted scheduling slice expiration. A local attacker who can trigger a specific workload type could abuse this...