SUSE SLED12 / SLES12 Security Update : zziplib (SUSE-SU-2024:2926-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2926-1 advisory. - CVE-2024-39134: Fixed a stack buffer overflow via the zzipfetchdisktrailer bsc1227178 Tenable has extracted the...

SUSE SLED15 / SLES15 Security Update : zziplib (SUSE-SU-2024:2925-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2925-1 advisory. - CVE-2024-39134: Fixed a stack buffer overflow via the zzipfetchdisktrailer bsc1227178 Tenable has extracted the...

SUSE-SU-2024:2926-1 Security update for zziplib

This update for zziplib fixes the following issues: - CVE-2024-39134: Fixed a stack buffer overflow via the zzipfetchdisktrailer bsc1227178...

SUSE-SU-2024:2925-1 Security update for zziplib

This update for zziplib fixes the following issues: - CVE-2024-39134: Fixed a stack buffer overflow via the zzipfetchdisktrailer bsc1227178...

Delta Electronics DIAScreen Stack Buffer Vulnerability

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. A stack buffer vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code...

The vulnerability of the RemoveEnding() function in the Espeak speech synthesiser allows a hacker to trigger a service failure.

The vulnerability of the RemoveEnding function in the Espeak speech synthesizer is related to stack buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2023-50809

CVE-2023-50809 affects Sonos devices (Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, Five) due to a stack buffer overflow in the mt_7615.ko wireless driver during WPA2 four-way handshake negotiation. The root cause is improper validation of an information element, enabling remote code execution wit...

json-c: Buffer Overflow

Background json-c is a JSON implementation in C. Description Please review the CVE identifier referenced below for details. Impact A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit. Workaround There is no known workaround at this tim...

SUSE-SU-2024:2784-1 Security update for curl

This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread bsc1228535 - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str bsc1227888...

DEBIAN-CVE-2024-7538

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

OSV-2024-695 Stack-buffer-overflow in gf_vvc_parse_nalu_bs

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70549 Crash type: Stack-buffer-overflow WRITE 4 Crash state: gfvvcparsenalubs gfinspectdumpnaluinternal inspectprocess...

SUSE SLED15: espeak-ng / espeak-ng-compat / espeak-ng-compat-devel / etc (SUSE-SU-2024:2632-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2632-1 advisory. - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c bsc1218010 ...

SUSE-SU-2024:2632-1 Security update for espeak-ng

This update for espeak-ng fixes the following issues: - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c bsc1218010 - CVE-2023-49991: Fixed stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c bsc1218006 - CVE-2023-49992: Fixed...

DEBIAN-CVE-2024-6197

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

AZL-49664 CVE-2024-6874 affecting package cmake for versions less than 3.30.3-2

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

ALPINE-CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

AZL-47028 CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort...

freeing stack buffer in utf8asn1str

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

macidn punycode buffer overread

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...