LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

PT-2024-40555 · Git +1 · Icu

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash type is specified as Heap-buffer-overflow READ 2, with the crash state involving a string...

Denial Of Service (DoS)

samba is vulnerable to denial of service. The application does not verify device name and mountpoint strings, allowing local users to crash the application via a malicious string...

PT-2019-2567 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL HTTP server affected versions not specified Description: The issue is related to the mishandling of format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%2...

Security issues addressed in Firefox 6 — Mozilla

Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances...

Security issues addressed in SeaMonkey 2.3 — Mozilla

Miscellaneous memory safety hazards rv:4.0 Impact: Critical Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in SeaMonkey 2.2 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and w...

Opera / Mozilla Firefox 3.6 - Long String Crash

======================================================================= Mozilla Firefox 3.6 plenitude String Crash0day Exploit Opera plenitude String Denial of Service Exploit ======================================================================= by Asheesh Kumar Mani Tripathi code by Asheesh...

Opera Mozilla Firefox 3.6 - Long String Crash

Opera Mozilla Firefox 3.6 - Long String Crash ======================================================================= Mozilla Firefox 3.6 plenitude String Crash0day Exploit Opera plenitude String Denial of Service Exploit ======================================================================= by...

Conti FTP Server 1.0 - Large String Denial of Service

Conti FTP Server 1.0 - Large String Denial of Service source: https://www.securityfocus.com/bid/24672/info The Conti FTP Server is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to deny service to legitimate users of the application. Conti FTP Serv...