SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2022:1156-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1156-1 advisory. - A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid. CVE-2021-42779 - A use...

OSV-2022-331 Stack-buffer-overflow in void unwindstack::Symbols::BuildRemapTable<Elf64_Sym>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46546 Crash type: Stack-buffer-overflow READ Crash state: void unwindstack::Symbols::BuildRemapTable bool unwindstack::Symbols::GetName unwindstack::ElfInterfaceImpl::GetFunctionName...

ASUS RT-AX56U Stack Buffer Overflow Vulnerability

The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. The ASUS RT-AX56U suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code, perform arbitrary operations, or interrupt services...

Backdoor.Win32.Wisell Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Stack Buffer Overflow SEH Description: The malware listens on...

Stack buffer overflow in XML entity parsing

Description Attempting to parse a XML/SVG file containing an !ENTITY with a sufficiently long name into a fixed sized, stack allocated buffer causes an overflow. Proof of Concept ./bin/gcc/gpac -play ./poc-clean.svg poc-clean.svg available here GDB stack smashing detected : terminated Thread 1...

SUSE SLES15 Security Update : binutils (SUSE-SU-2022:0934-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0934-1 advisory. - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. bsc1192267 This...

Netatalk 安全漏洞

Netatalk is open source software that provides AFP file server functionality for Classic Mac OS and macOS on Unix-like OS. A security vulnerability exists in Netatalk that stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack-based...

CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

OSV-2022-270 Stack-buffer-overflow in fn_ElIn_evaluate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45886 Crash type: Stack-buffer-overflow WRITE 4 Crash state: fnElInevaluate pdfisettransfer GSTR...

CVE-2022-24764 Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

CVE-2022-24764 Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...

Huawei Emui and Magic UI video framework stack buffer overflow vulnerability

Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI video framework are vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to impact usability...

OSV-2022-237 Stack-buffer-overflow in sc_format_oid

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45459 Crash type: Stack-buffer-overflow READ Crash state: scformatoid dostoredataobject fuzzpkcs15init.c...

CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

The vulnerability of NETGEAR D7000 router’s built-in software arises from buffer overflows in the stack, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of NETGEAR D7000 router’s built-in software arises from buffer overflow on the stack. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVE-2022-24754 Buffer overflow in pjsip

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

CVE-2022-24754

The CVE-2022-24754 entry concerns PJSIP (pjproject) embedded in Ring. A stack-buffer overflow affects PJSIP users that accept hashed digest credentials (data_type PJSIP_CRED_DATA_DIGEST) in versions up to 2.12. The issue is resolved in the master branch and will be included in the next release; u...

CVE-2022-24754

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

CVE-2021-46408

Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub422CE4. This vulnerability allows attackers to cause a Denial of Service DoS via the strcpy parameter...