CVE-2018-20995

An issue was discovered in the slice-deque crate before 0.1.16 for Rust. moveheadunchecked allows memory corruption because deque updates are mishandled...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the parsing of H265 slice headers. An attacker can execute code in the context of the current process by leveraging the lack of proper validation of the length of user-supplied data prior to copying i...

UBUNTU-CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

GStreamer 安全漏洞

GStreamer is a GStreamer open source set of frameworks for processing streaming media. A security vulnerability exists in GStreamer that stems from not properly validating the data length when parsing H265 slice headers, which could lead to remote code execution...

Insufficient Control Flow Management

Vyper is vulnerable to Insufficient Control Flow Management. The vulnerability is due to the Vyper compiler skipping evaluation of the start argument in the slice function when length is 0 and the source is a special location like msg.data or .code, allows an attacker to suppress execution of...

CLSA-2025-1747430870 cups-filters: Fix of 2 CVEs

CVE-2024-47175: prevent PPD generation based on invalid IPP response - CVE-2024-47850: do not generate PPD for remote raw queues and add system-cups.slice...

Insufficient Control Flow Management

Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Insufficient Control Flow Management through the slice function. An attacker can bypass the evaluation of side effects in the start argument when the length argument is set to 0,...

GHSA-3VCG-J39X-CWFM Vyper's `slice()` may elide side-effects when output length is 0

Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...

Vyper's `slice()` may elide side-effects when output length is 0

Impact the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. the reason is that for these source locations, the check that length = 1 is skipped:...

CVE-2025-47774

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

CVE-2025-47774

CVE-2025-47774 relates to Vyper (Pythonic language for the EVM). The issue affects Vyper versions up to and including 0.4.2rc1 where slice() can elide side effects when length is 0 for certain source bytestrings (e.g., msg.data or .code). The root cause is that the length >= 1 check is skipped...

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0

Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the slice builtin can elide side effects when the output length is 0, and the source bytestring is a builtin msg.data or .code. The reason is that for these source locations, the...

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper 0.4.2rc1 and earlier versions, which stems from a slice function that may skip side-effect evaluation when the output length is zero...

PT-2025-21348 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1 Description: The issue concerns the slice builtin in Vyper, which can elide side effects when the output length is 0 and the source bytestring is a builtin, such as msg.data or .code. This occurs...

SUSE CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

CVE-2025-37821

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

UBUNTU-CVE-2025-37821

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...

CVE-2025-37821

The CVE-2025-37821 issue in the Linux kernel’s scheduler (eevdf) caused se->slice to be set to U64_MAX during a complex dequeue sequence, leading to a large, destabilizing vruntime/vlag mismatch and a potential crash. The root cause was that, when dequeuing a delayed group entity whose parent ...