CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

Out-of-bounds

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

CVE-2022-25872 Out-of-bounds Read

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

CVE-2022-25872

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory...

fast-string-search 安全漏洞

fast-string-search is a search function that can search for strings using N-API and boyer-moore-magiclen. fast-string-search suffers from a denial-of-service vulnerability that stems from incorrect computation of non-string input, which can be exploited by an attacker to cause fast-string- search...

fast-string-search 缓冲区错误漏洞

fast-string-search is a module from the individual developer Magic Len Ron Li in China that searches for substrings in a string using N-API and boyer-moore-magiclen. A security vulnerability exists in fast-string-search due to incorrect memory freeing and length calculation of any non-string inpu...

Improper Handling of Unexpected Data Type in Nokogiri

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent...

kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...

kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State SEV-ES. A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction for example, outs or ins using the exit...

CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

Out-of-bounds Read

Overview fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows...

CVE-2020-7661

all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...

CVE-2020-7661

all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...

Cisco IOS XR Software Cisco Discovery Protocol Remote Code Execution Vulnerability (cisco-sa-20200205-iosxr-cdp-rce)

According to its self-reported version, the Cisco IOS XR Software is affected by a remote code execution vulnerability within the Cisco Discovery Protocol due to improper validation of string input. An unauthenticated, adjacent attacker can exploit this to bypass authentication and execute...

CVE-2020-3118 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

PYSEC-2020-338

In TensorFlow before 1.15.2 and 2.0.1, converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker c...

CVE-2020-5215

In TensorFlow before 1.15.2 and 2.0.1, converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker c...

Updated samba packages fix security vulnerabilities

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers CVE-2019-14902. When processing untrusted string input Samba can read past the end of the allocated buffer when printing a...

samba -- multiple vulnerabilities

The Samba Team reports: CVE-2019-14902 The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers. CVE-2019-14907 When processing untrusted string input Samba can read past the end of th...

CURL-CVE-2019-5435 Integer overflows in URL parser

libcurl contains two integer overflows in the curlurlset function that if triggered, can lead to a too small buffer allocation and a subsequent heap buffer overflow. The flaws only exist on 32-bit architectures and require excessive string input lengths...