Lucene search
K

36 matches found

Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.12 views

PT-2026-55811

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str ndup and r str append functions within the libr/util/str.c file. This issue requires local access to be exploited. Recommendations Apply the patch...

5.5CVSS5.9AI score0.00131EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/06/25 11:43 p.m.6 views

CVE-2026-54679

A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exploit an integer overflow vulnerability in the jvpstringappend function. This could lead to a massive buffer overrun, resulting in a denial of service DoS condition. Mitigation Mitigation for this...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 5:16 p.m.2 views

CVE-2026-54679 jq: potential integer overflow in jvp_string_append

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6.1AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 5:16 p.m.7 views

EUVD-2026-39499

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6AI score0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:16 p.m.34 views

CVE-2026-54679

CVE-2026-54679 affects the jq tool prior to version 1.8.2 on 32-bit systems. The vulnerability is in jvp_string_append where an integer overflow could trigger a massive buffer overrun, with a local attack vector and potential high impact on availability as described in the CVE. The issue is fixed...

6.9CVSS6AI score0.00103EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 5:16 p.m.9 views

CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52519

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description On 32-bit systems, the jvp string append function is susceptible to integer or multiplication overflow, which can lead to a significant buffer overrun. A buffer overrun occurs when a program writes more...

6.9CVSS5.9AI score0.00103EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38867

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38053

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS6.4AI score0.00419EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 7:55 a.m.11 views

CLSA-2026-1777881308 jq: Fix of 2 CVEs

CVE-2026-32316: fix heap buffer overflow in jvpstringappend and jvpstringcopyreplacebad - CVE-2026-39979: fix out-of-bounds read in jvparsesized...

8.2CVSS6AI score0.00559EPSS
Exploits2References1
Microsoft CVE
Microsoft CVE
added 2026/04/17 8:1 a.m.7 views

jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow

...

8.2CVSS5.7AI score0.00484EPSS
Exploits1
CVE
CVE
added 2026/04/13 5:49 p.m.54 views

CVE-2026-32316

CVE-2026-32316 affects jq up to and including 1.8.1, where the functions jvp_string_append() and jvp_string_copy_replace_bad() lack string size bounds checks. Concatenating strings that exceed 2^31 bytes causes a 32-bit unsigned overflow in buffer allocation, producing a heap buffer overflow (CWE...

8.2CVSS6.1AI score0.00484EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/06 2:29 p.m.5 views

JLSEC-2026-58

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...

8.8CVSS7AI score0.02669EPSS
Exploits0References36
OSV
OSV
added 2026/04/04 5:45 a.m.2 views

GHSA-2C6H-4899-WJXR scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

8.7CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/04 5:45 a.m.13 views

scaly: Multiple soundness issues in Rust safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

5.9AI score
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.8 views

Astra Linux – Vulnerability in mongo-c-driver

The bsonstringappend function in the MongoDB C Driver may be vulnerable to a buffer overflow. In this scenario, the function might attempt to allocate a buffer that is too small, which could lead to memory corruption in the neighboring heap memory. This issue affects versions of libbson prior to...

5.3CVSS7.9AI score0.00625EPSS
Exploits0References3
OSV
OSV
added 2025/10/19 10:31 p.m.8 views

JLSEC-2025-167 A flaw was found in how GLib’s GString manages memory when adding data to strings

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS6.8AI score0.00419EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/10/14 6:5 p.m.6 views

Astra Linux - уязвимость в glib2.0

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS6.9AI score0.00419EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-0576

Malware in sbrugna...

5CVSS5.5AI score0.02432EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2025/06/14 3:1 a.m.7 views

SUSE CVE-2025-6052

A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be writte...

7.8CVSS4.7AI score0.00419EPSS
Exploits0References6
Rows per page
Query Builder