6890 matches found
OSV-2020-1715 Stack-buffer-overflow in ndpi_search_kerberos
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25446 Crash type: Stack-buffer-overflow READ 1 Crash state: ndpi_search_kerberos check_ndpi_udp_flow_func ndpi_check_flow_func...
ndpi:fuzz_process_packet: Stack-buffer-overflow in ndpi_search_kerberos
Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5911626486906880 Project: ndpi Fuzzing Engine: afl Fuzz Target: fuzz_process_packet Job Type: afl_asan_ndpi Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7ffcad929a57 Crash Stat...
squid:4 security update
libecap squid 7:4.4-8.2 - Resolves: 1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: 1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning 7:4.4-8.1 - Resolves: 1828368 - CVE-2019-12519 squid:...
uwebsockets:TopicTree: Stack-buffer-overflow in uWS::TopicTree::trimTree
Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=4864981424930816 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: TopicTree Job Type: libfuzzer_asan_uwebsockets Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 8 Crash...
rnp:fuzz_keyring: Stack-buffer-overflow in stream_write_key
Project: https://github.com/rnpgp/rnp.git Detailed Report: https://oss-fuzz.com/testcase?key=5745453998800896 Project: rnp Fuzzing Engine: libFuzzer Fuzz Target: fuzz_keyring Job Type: libfuzzer_asan_rnp Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7fff35f15c68 Crash...
Stack overflow
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
CVE-2020-24055
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
CVE-2020-24055
The CVE-2020-24055 entry applies to Verint 5620PTZ and Verint V4320 series (Firmwares: Verint_FW_0_42, V4320_FW_0_23, V4320_FW_0_31). An autodiscovery service in /usr/sbin/DM listens on TCP port 6666 and is vulnerable to a stack-based buffer overflow. The service requires no authentication, enabl...
A stack-based buffer overflow in the firmware of Moxa EDR-G902 and Moxa EDR-G903 routers allows attackers to execute arbitrary code.
The vulnerability in the firmware of Moxa EDR-G902 and Moxa EDR-G903 routers is a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted cookie file...
MSI Ambient Link Multiple Vulnerabilities
1. Advisory Information Title: MSI Ambient Link Multiple Vulnerabilities Advisory ID: CORE-2020-0012 Advisory URL: https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities Date published: 2020-08-19 Date of last update: 2020-08-19 Vendors contacted: MSI Release...
Stack overflow
Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. When a bulk get...
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
...
sleuthkit:sleuthkit_fls_iso9660_fuzzer: Stack-buffer-overflow in parse_susp
Detailed Report: https://oss-fuzz.com/testcase?key=5740954167017472 Project: sleuthkit Fuzzing Engine: afl Fuzz Target: sleuthkit_fls_iso9660_fuzzer Job Type: afl_asan_sleuthkit Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffc279b0520 Crash State: parse_susp...
Denial Of Service (DoS)
clamav is vulnerable to denial of service (DoS). The vulnerability exists as a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device...
NETGEAR R6700 Stack Buffer Overflow Vulnerability
The NETGEAR R6700 is an AC1750 Smart WiFi Router. A stack buffer overflow vulnerability exists in the acsd service in the NETGEAR R6700 prior to version 1.0.4.98. The vulnerability stems from a failure to properly validate the length of user-supplied data before copying it to a fixed-length stack...
binutils:fuzz_bfd: Stack-buffer-overflow in bfd_getl32
Detailed Report: https://oss-fuzz.com/testcase?key=5389726430003200 Project: binutils Fuzzing Engine: honggfuzz Fuzz Target: fuzz_bfd Job Type: honggfuzz_asan_binutils Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0x7fffa22fd740 Crash State: bfd_getl32 vms_traverse_index...
OSV-2020-1558 Stack-buffer-overflow in dst_print_s2k
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24538 Crash type: Stack-buffer-overflow READ 1 Crash state: dst_print_s2k stream_dump_packets_raw stream_dump_packets...
rdkit:mol_data_stream_to_mol_fuzzer: Stack-buffer-overflow in RDKit::ParseMolBlockProperties
Detailed Report: https://oss-fuzz.com/testcase?key=5068710860292096 Project: rdkit Fuzzing Engine: libFuzzer Fuzz Target: mol_data_stream_to_mol_fuzzer Job Type: libfuzzer_asan_i386_rdkit Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address: 0xffca746f Crash State:...
EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1828)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This functi...
assimp:assimp_fuzzer: Stack-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
Detailed Report: https://oss-fuzz.com/testcase?key=4847905282981888 Project: assimp Fuzzing Engine: libFuzzer Fuzz Target: assimp_fuzzer Job Type: libfuzzer_asan_assimp Platform Id: linux Crash Type: Stack-buffer-overflow READ 8 Crash Address: 0x7ffc14401cd0 Crash State: std::__1::basic_string,...