24 matches found
GHSA-Q6X5-8V7M-XCRF protobufjs has overlong UTF-8 decoding
Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
Linux Distros Unpatched Vulnerability : CVE-2026-30923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity ...
RUSTSEC-2026-0111 Possible UTF-8 corruption in Diesels SQLite backend
Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...
SUSE CVE-2023-53729
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...
CVE-2023-53729 soc: qcom: qmi_encdec: Restrict string length in decode
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...
PT-2025-43130
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel related to Qualcomm QMI encoding and decoding. The QMI TLV value for strings within various QMI element info structures allocates space for...
EUVD-2022-6334
Malicious code in bioql PyPI...
CVE-2024-41125 Out-of-bounds read in SNMP when decoding a string in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...
Nanopb 缓冲区错误漏洞
Nanopb is a protocol buffer implementation for microprocessors from the individual developers of Nanopb. A security vulnerability exists in Nanopb versions prior to 0.3.1, which stems from an overflow in pbdecbytes and pbdecstring...
SUSE CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
python-ujson: Potential double free of buffer during string decoding
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
python-ujson: Potential double free of buffer during string decoding
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
Updated python-ujson packages fix security vulnerability
Add support for arbitrary size integers. Replace 'wchart' string decoding implementation with a 'uint32t'-based one; fix handling of surrogates on decoding CVE-2022-31116 Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...
MGASA-2022-0270 Updated python-ujson packages fix security vulnerability
Add support for arbitrary size integers. Replace 'wchart' string decoding implementation with a 'uint32t'-based one; fix handling of surrogates on decoding CVE-2022-31116 Potential double free of buffer during string decoding - Fix memory leak on encoding errors when the buffer was resized -...
GHSA-FM67-CV37-96FF Potential double free of buffer during string decoding
Impact What kind of vulnerability is it? Who is impacted? When an error occurs while reallocating the buffer for string decoding, the buffer gets freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. Patches Has the problem been patche...
DEBIAN-CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
Double free
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
UBUNTU-CVE-2022-31117
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
CVE-2022-31117 Double free of buffer during string decoding in ujson
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...
PT-2022-20540 · Ultrajson +4 · Ultrajson +4
Name of the Vulnerable Software and Affected Versions: UltraJSON versions prior to 5.4.0 Description: The issue occurs when an error happens while reallocating a buffer for string decoding, causing the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is...