CVE-2017-6451

The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...

shopify-scripts: sprintf gem - format string combined attack

In the sprintf gem, NOT included in mruby-engine, there are severe vulnerabilities, including information leak, and heap buffer overflow. Here are the technical details. Technical Error 1: ============== The CHECKl macro can sometimes receive negative values, that will bypass the size checks, sin...

Wireshark H.225 Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-h225.c file in th...

DEBIAN-CVE-2016-7176

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service copy overlap and application crash via a crafted packet...

UBUNTU-CVE-2016-7176

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service copy overlap and application crash via a crafted packet...

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of the Wi-Fi driver of the Qualcomm Android operating system is related to incorrect calls to the snprintf function. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure device freezing and reboots using specially crafted fram...

UBUNTU-CVE-2014-9901

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service device hang or reboot via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711...

UBUNTU-CVE-2016-5114

sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...

dhcpcd -- remote code execution/denial of service

MITRE reports: The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of...

FreeBSD : mini_httpd -- buffer overflow via snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)

ACME Updates reports : minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. rene ACME, the author, claims that the...

Vulnerabilities found through code inspection — Mozilla

Security researcher Ronald Crane reported eight vulnerabilities affecting released code that were found through code inspection. These included several potential memory safety issues resulting from the use of snprintf, one use of unowned memory, one use of a string without overflow checks, and fi...

DEBIAN-CVE-2014-7913

The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory...

UBUNTU-CVE-2014-7913

The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory...

CVE-2014-7913

The printoption function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service memory...

Updated postgresql package fixes security vulnerability

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

postgresql: multiple issues

CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...

PostgreSQL 'snprintf()' Information Disclosure Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. In PostgreSQL versions 9.3 and 9.4, the replacement implementation of the function snprintf fails to check for errors reported by the lower-level database, which may result in...

Debian DSA-3269-1 : postgresql-9.1 - security update

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 Information exposure The replacement implementation of snprintf...

Debian DSA-3270-1 : postgresql-9.4 - security update

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2015-3165 Remote crash SSL clients disconnecting just before the authentication timeout expires can cause the server to crash. - CVE-2015-3166 Information exposure The replacement implementation of snprintf...

CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, a...