1104 matches found
CVE-2020-35858
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)...
CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
CVE-2020-35857
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...
Stack overflow
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...
Code injection
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
Remote code execution
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)...
CVE-2019-25001
CVE-2019-25001 affects the Rust crate serde_cbor prior to 0.10.2. The CBOR deserializer can cause stack consumption when processing nested semantic tags, enabling potential resource exhaustion. The issue is confined to the crate’s deserialization path; affected versions are those before 0.10.2. R...
CVE-2020-35857
The CVE-2020-35857 entry applies to the trust-dns-server crate in Rust, prior to version 0.18.1. The issue arises from how MX and SRV null targets are handled, leading to stack consumption (stack overflow) when processing additional records for MX/SRV targets, potentially causing a crash and DoS....
Xpdf Stack Depletion Vulnerability
Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A stack consumption vulnerability exists in the FoFiType1C::getOp function in Xpdf 4.02. The vulnerability stems from a failure to correctly reference a subroutine in a Type 1C font...
CVE-2020-35376
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
Design/Logic Flaw
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...
CVE-2020-35376
CVE-2020-35376 affects Xpdf 4.02, where FoFiType1C::getOp() misreferences a subroutine in a Type 1C font string, causing stack consumption. The Gentoo GLSA (GLSA-202405-18) recommends upgrading to Xpdf 4.04 or newer to fix the vulnerability. No exploitation details are provided in the connected d...