
741 matches found

Cvelist
added 2024/04/29 12:0 a.m. · 12 views

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go...

6.8 AI score · 0.00547 EPSS
Exploits: 1 · References: 1
CVE
added 2024/04/29 12:0 a.m. · 48 views

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 is affected by a slice bounds out-of-range panic in reader.go, triggered by returning uint64(b[2])<<16 | uint64(b[1])<

7.5 CVSS · 6.8 AI score · 0.00547 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/04/29 12:0 a.m. · 3 views

PT-2024-25668 · Open Networking Foundation · Rimedo-Ts

Name of the Vulnerable Software and Affected Versions: Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 Description: The issue is related to a slice bounds out-of-range panic in the code. Specifically, the problem occurs in the line "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in th...

7.5 CVSS · 7 AI score · 0.00547 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2024/04/29 12:0 a.m. · 12 views

CVE-2024-34050

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go...

6.9 AI score · 0.00547 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/04/29 12:0 a.m. · 3 views

PT-2024-25666 · Open Networking Foundation · Rimedo-Ts

Name of the Vulnerable Software and Affected Versions: Open Networking Foundation SD-RAN Rimedo rimedo-ts version 0.1.1 Description: The issue is related to a slice bounds out-of-range panic in the "return plmnIdString[0:3], plmnIdString[3:]" line in reader.go. This indicates a problem with how the...

7.5 CVSS · 7.3 AI score · 0.00547 EPSS
Exploits: 1 · References: 5
CVE
added 2024/04/29 12:0 a.m. · 49 views

CVE-2024-34049

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 is affected by a slice bounds out-of-range panic in reader.go when executing plmnIdString[0:3] and plmnIdString[3:]. The issue arises from improper bounds handling on the plmnIdString slice, which can lead to a crash (reported as DoS in som...

7.5 CVSS · 6.8 AI score · 0.00547 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Github Security Blog
added 2024/04/25 7:51 p.m. · 20 views

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production. Having...

5.3 CVSS · 5.5 AI score · 0.00451 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
PyPA
added 2024/04/25 6:15 p.m. · 6 views

PYSEC-2024-207

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3 CVSS · 7.1 AI score · 0.00451 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/04/25 5:21 p.m. · 24 views

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3 CVSS · 7.1 AI score · 0.00451 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/04/25 5:21 p.m. · 32 views

CVE-2024-32646 vyper performs double eval of the slice args when buffer from adhoc locations

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3 CVSS · 5.7 AI score · 0.00451 EPSS
Exploits: 0 · References: 1
CVE
added 2024/04/25 5:21 p.m. · 70 views

CVE-2024-32646

Vyper CVE-2024-32646 affects the Pythonic smart contract language. The vulnerability concerns the builtin slice when the buffer is msg.data, self.code, or .code and either the start or length has side-effects, causing a double evaluation of those side-effects. It is triggerable only in versions e...

5.3 CVSS · 7 AI score · 0.00451 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/04/25 12:0 a.m. · 4 views

PT-2024-24739 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.10 and prior Description: Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. The...

5.3 CVSS · 7.2 AI score · 0.00451 EPSS
Exploits: 0 · References: 8
Debian CVE
added 2024/04/10 10:30 p.m. · 4 views

CVE-2024-29903

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on...

7.5 CVSS · 5.6 AI score · 0.00851 EPSS
Exploits: 1
BDU FSTEC
added 2024/04/09 12:0 a.m. · 1 views

The vulnerability of the slice_segment_header() function in the Libde265 video codec implementation allows a hacker to cause a service failure.

The vulnerability of the slice_segment_header() function in the Libde265 video codec implementation is related to the copying of buffers without checking the input size. Exploiting this vulnerability could allow an attacker to cause service interruptions...

7.8 CVSS · 6.3 AI score · 0.00766 EPSS
Exploits: 0 · References: 6 · Affected Software: 4
OSV
added 2024/03/06 11:16 a.m. · 16 views

BIT-TENSORFLOW-2021-37686 Infinite loop in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5 CVSS · 5.6 AI score · 0.00173 EPSS
Exploits: 0 · References: 3
OSV
added 2024/03/06 11:3 a.m. · 27 views

BIT-GOLANG-2021-41771

ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation...

7.5 CVSS · 7.7 AI score · 0.04372 EPSS
Exploits: 0 · References: 11
OSV
added 2024/03/06 10:52 a.m. · 22 views

BIT-ETCD-2020-15106 Improper Input Validation in etcd

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentional...

6.5 CVSS · 6.8 AI score · 0.01291 EPSS
Exploits: 0 · References: 3
RustSec
added 2024/03/05 12:0 p.m. · 4 views

Fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...

7 AI score
Exploits: 0 · Affected Software: 1
OSV
added 2024/03/05 12:0 p.m. · 1 views

RUSTSEC-2024-0407 Fails to ensure slice elements match the slice's declared type

Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...

7 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-40951 · Crates.Io · Linkme

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: The issue allows populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of ty...

6.9 AI score
Exploits: 0 · References: 4