36 matches found
PT-2026-55811
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str ndup and r str append functions within the libr/util/str.c file. This issue requires local access to be exploited. Recommendations Apply the patch...
CVE-2026-54679
A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exploit an integer overflow vulnerability in the jvpstringappend function. This could lead to a massive buffer overrun, resulting in a denial of service DoS condition. Mitigation Mitigation for this...
EUVD-2026-39499
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
CVE-2026-54679
CVE-2026-54679 affects the jq tool prior to version 1.8.2 on 32-bit systems. The vulnerability is in jvp_string_append where an integer overflow could trigger a massive buffer overrun, with a local attack vector and potential high impact on availability as described in the CVE. The issue is fixed...
CVE-2026-54679 jq: potential integer overflow in jvp_string_append
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
PT-2026-52519
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description On 32-bit systems, the jvp string append function is susceptible to integer or multiplication overflow, which can lead to a significant buffer overrun. A buffer overrun occurs when a program writes more...
PT-2026-38867
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
PT-2026-38053
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
CLSA-2026-1777881308 jq: Fix of 2 CVEs
CVE-2026-32316: fix heap buffer overflow in jvpstringappend and jvpstringcopyreplacebad - CVE-2026-39979: fix out-of-bounds read in jvparsesized...
jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
...
CVE-2026-32316
CVE-2026-32316 affects jq up to and including 1.8.1, where the functions jvp_string_append() and jvp_string_copy_replace_bad() lack string size bounds checks. Concatenating strings that exceed 2^31 bytes causes a 32-bit unsigned overflow in buffer allocation, producing a heap buffer overflow (CWE...
JLSEC-2026-58
An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...
scaly: Multiple soundness issues in Rust safe APIs
Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...
GHSA-2C6H-4899-WJXR scaly: Multiple soundness issues in Rust safe APIs
Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...
Astra Linux – Vulnerability in mongo-c-driver
The bsonstringappend function in the MongoDB C Driver may be vulnerable to a buffer overflow. In this scenario, the function might attempt to allocate a buffer that is too small, which could lead to memory corruption in the neighboring heap memory. This issue affects versions of libbson prior to...
JLSEC-2025-167 A flaw was found in how GLib’s GString manages memory when adding data to strings
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
Astra Linux - уязвимость в glib2.0
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
EUVD-2015-0576
Malware in sbrugna...
SUSE CVE-2025-6052
A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be writte...