CVE-2024-21524

The CVE-2024-21524 entry affects the node-stringbuilder package. Affected component: StringBuilder usage in ToBuffer, ToString, or CharAt on non-empty inputs can miscalculate memory length, enabling out-of-bounds reads and potential information disclosure. Impact is described across multiple sour...

PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

@persistr/cli (>=2.7.1 <=2.9.1), spidersharkcli (>=0.0.4 <=0.0.8) potentially affected by CVE-2024-21524 via node-stringbuilder (=2.2.7)

node-stringbuilder NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-stringbuilder and may be impacted: - @persistr/cli =2.7.1, =0.0.4, =0.0.8 Source cves: CVE-2024-21524 Source advisory: SNYK:JS-NODESTRINGBUILDER-6421617...

Out-of-bounds Read

Overview node-stringbuilder is an An easy and fast in-memory string builder for Node.js. Affected versions of this package are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string...

UBUNTU-CVE-2023-36109

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecmastringbuilderappendraw component at /jerry-core/ecma/base/ecma-helpers-string.c...

JerryScript Security Vulnerability

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0 that originates from allowing remote attackers to execute arbitrary code via the ecmastringbuilderappendraw component in...

PT-2023-25431 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: JerryScript version 3.0 Description: The issue allows remote attackers to execute arbitrary code via the ecma stringbuilder append raw component at /jerry-core/ecma/base/ecma-helpers-string.c. This is a Buffer Overflow vulnerability...

OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

Security update for java-11-openjdk (moderate)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2022:0816-1 Rating: moderate References: 1194925 1194926 1194927 1194928 1194929 1194930 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 Cross-References: CVE-2022-21248 CVE-2022-212...

SUSE: Security Advisory (SUSE-SU-2022:0730-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : java-1.8.0-openjdk (RHSA-2022:0306)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0306 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

RHEL 8 : java-1.8.0-openjdk (RHSA-2022:0307)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0307 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2022:0306)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0306-1 advisory. - OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 - OpenJDK: Insufficient URI chec...

RHEL 8 : java-1.8.0-openjdk (RHSA-2022:0304)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0304 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...