dhcpcd -- remote code execution/denial of service

MITRE reports: The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of...

FreeBSD : mini_httpd -- buffer overflow via snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)

ACME Updates reports : minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...

Vulnerabilities found through code inspection — Mozilla

Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and fi...

CVE-2014-7913

The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory...

Updated postgresql package fixes security vulnerability

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

postgresql: multiple issues

CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...

Debian DSA-3270-1 : postgresql-9.4 - security update

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 Information exposure The replacement implementation of snprintf...

Debian DSA-3269-1 : postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 Information exposure The replacement implementation of snprintf...

CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, a...

Debian Security Advisory DSA 3269-1 (postgresql-9.1 - security update)

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. CVE-2015-3166 Information exposure The replacement implementation of snprintf failed...

UBUNTU-CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, a...

mini_httpd -- buffer overflow via snprintf

ACME Updates reports: minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...

ProFTPD 1.2 pre6 snprintf Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/650/info Lack of user input validation in ProFTPD can lead to a remote root vulnerability. On systems that support it ProFTPD will attempt to modify the name of the program being executed argv0 to display the command bein...

PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability

No description provided by source. === Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one overflow === Author === cb === Description === User-supplied variable generator copied to 128 byte buffer query size of query variable. So its cause off-by-one overflow. You can see 1...

MiniUPnPd Information Disclosure (CVE-2013-2600)

Hi list, I am writing to inform you of an information disclosure vulnerability I noticed in MiniUPnPd a few months back. Specifically, MiniUPnPd versions 1.8 and earlier are prone to an information disclosure vulnerability due to improper use of snprintf while preparing SSDP responses. An attacke...

FreeBSD : spamdyke -- Buffer Overflow Vulnerabilities (7d2336c2-4607-11e1-9f47-00e0815b8da8)

Secunia reports : Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...

spamdyke -- Buffer Overflow Vulnerabilities

Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...

PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow

=== Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You can see 1 snprintf copy statement to "query...

PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability

Exploit for php platform in category dos / poc ========================================================== PHP 5.3.3 ibasegenid off-by-one Overflow Vulnerability ========================================================== === Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one...

PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow

PHP 5.3.3 - ibasegenid Off-by-One Overflow === Vulnerability === PHP 5.3.3 Possible All versions ibasegenid off-by-one overflow === Author === cb === Description === User-supplied variable "generator" copied to 128 byte buffer "query" size of query variable. So its cause off-by-one overflow. You...