Stack overflow

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 is vulnerable to remote stack buffer overflow...

CVE-2022-45957

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 is vulnerable to remote stack buffer overflow...

CVE-2022-45957

CVE-2022-45957 affects the ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68. The vulnerability is a remote stack buffer overflow in the device, with impact characterized as HIGH for availability (the CVE notes the device can crash) and no confidentiality or integrity impact....

ZTE ZXHN-H108NS 缓冲区错误漏洞

The ZTE ZXHN-H108NS is a wireless router from China's ZTE Corporation ZTE. The ZTE ZXHN-H108NS suffers from a stack buffer overflow vulnerability that can be exploited by remote attackers to cause the device to crash...

Amazon Linux AMI : libtiff (ALAS-2022-1644)

The version of libtiff installed on the remote host is prior to 4.0.3-35.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1644 advisory. A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main function. This flaw allows an attacker to pass a...

FreeBSD : FreeBSD -- ping stack buffer overflow (FreeBSD-SA-22:15.ping)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FreeBSD-SA-22:15.ping advisory. - ping contains a stack buffer overflow in the handling of incoming ICMP packets. A remote attacker can send specially...

Amazon Linux 2 : libtiff (ALAS-2022-1891)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1891 advisory. A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main function. This flaw allows an attacker to pass a...

OSV-2022-1232 Stack-buffer-overflow in sc_pkcs15init_rmdir

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927 Crash type: Stack-buffer-overflow WRITE 1 Crash state: scpkcs15initrmdir scpkcs15initerasecardrecursively cardoserase...

ASB-A-239267173

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

SUSE SLES12 Security Update : binutils (SUSE-SU-2022:4277-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4277-1 advisory. The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h bsc1142579. -...

OSV-2022-1208 Stack-buffer-overflow in cmap_put_ranges

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53711 Crash type: Stack-buffer-overflow READ 1 Crash state: cmapputranges psfwritecmap pdfwritecmap...

OSV-2022-1201 Stack-buffer-overflow in msc_zero_object

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53631 Crash type: Stack-buffer-overflow WRITE Crash state: msczeroobject msccreateobject musclecreatedirectory...

CVE-2022-36337

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which is caused...

CVE-2022-36337

CVE-2022-36337 affects Insyde InsydeH2O, with kernel 5.0–5.5. A stack buffer overflow in the MebxConfiguration driver can cause arbitrary code execution when a UEFI variable is read by BIOS code, potentially enabling local compromise. Remediation guidance present in PT-2022-23314 suggests tempora...

Stack overflow

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

CVE-2022-35407

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

CVE-2022-35407

The CVE concerns InsydeH2O’s SetupUtility driver on Intel platforms, affected versions 5.0–5.5. A stack buffer overflow from handling two UEFI variables allows arbitrary code execution when the second variable exceeds the first, enabling modification of certain UEFI variables. Impact is local, wi...

CVE-2022-35897

CVE-2022-35897 affects Insyde InsydeH2O kernel 5.0–5.5. A stack buffer overflow occurs when an attacker modifies certain UEFI variables, potentially causing arbitrary code execution. Exploitation requires direct SPI modification and the attacker must change at least two of three variables (Secure...

CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...