EUVD-2017-10101

Malware in sbrugna...

bpf: Guard stack limits against 32bit overflow

...

IBM WebSphere Application Server Liberty 20.0.0.12 < 24.0.0.11 DoS (7173097)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7173097 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can...

Security Bulletin: IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. (CVE-2024-7254)

Summary IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with...

CVE-2023-52676

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit registe...

CVE-2023-52676

The CVE-2023-52676 issue affects the Linux kernel BPF verifier where stack bounds were inconsistently checked for 32-bit offsets, potentially overflowing 32-bit arithmetic when combining a 64-bit register with an offset. The patch moves stack-bound checks into the 64-bit domain and enforces tight...

SUSE CVE-2017-1085

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMITSTACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

Design/Logic Flaw

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

PT-2020-15696 · Jerryscript · Jerryscript

Name of the Vulnerable Software and Affected Versions: JerryScript versions prior to 2.3.0 Description: The issue is related to stack consumption via a function that utilizes new new Proxya, and JSON.parse"",a. The vendor notes that the problem stems from the lack of the --stack-limit option...

FreeBSD : FreeBSD -- posix_spawnp(3) buffer overflow (f8b46415-c264-11ea-8659-901b0ef719ab)

posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable...

Denial Of Service (DoS)

tiff is vulnerable to denial of service DoS. The vulnerability exists as a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be use...

CVE-2017-16231

DISPUTED In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack th...

CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...

Input validation

DISPUTED In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack th...

CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...

CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.24.3 - exec: Limit arg stack to at most 75% of STKLIM Kees Cook Orabug: 28710010 CVE-2018-14634...