Lucene search

147 matches found

GitHub Security Blog
added 2024/10/09 2:34 p.m. | 8 views

Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

AI score: 5.9
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/10/07 12:0 p.m. | 10 views

RUSTSEC-2024-0377 Heap Buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the c_chars_to_str function in the dbn crate. This vulnerability occurs because the CStr::from_ptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

AI score: 7.3
Exploits: 0 | References: 3

OSV
added 2024/09/13 12:14 a.m. | 7 views

OSV-2024-1066 Heap-buffer-overflow in StrLen

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71496 Crash type: Heap-buffer-overflow READ 2 Crash state: StrLen MangleFileName ToolChainHarnessLib.c...

AI score: 7.2
Exploits: 0 | References: 1

UbuntuCve
added 2024/07/09 10:15 a.m. | 24 views

CVE-2024-39487

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00012
Exploits: 0 | References: 28

SUSE CVE
added 2024/06/21 3:6 a.m. | 1 views

SUSE CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf call, the len parameter will become negative and str parameter if not NULL initially will point...

CVSS: 6.7 | AI score: 6.6 | EPSS: 0.00111
Exploits: 0 | References: 22

OSV
added 2024/06/19 2:15 p.m. | 1 views

DEBIAN-CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf call, the len parameter will become negative and str parameter if not NULL initially will point...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00111
Exploits: 0 | References: 1

OSV
added 2024/06/19 2:15 p.m. | 2 views

UBUNTU-CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf call, the len parameter will become negative and str parameter if not NULL initially will point...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00111
Exploits: 0 | References: 33

UbuntuCve
added 2024/06/19 2:15 p.m. | 23 views

CVE-2024-38541

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf call, the len parameter will become negative and str parameter if not NULL initially will point...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00111
Exploits: 0 | References: 32

Vulnrichment
added 2024/06/19 1:35 p.m. | 81 views

CVE-2024-38541 of: module: add buffer overflow check in of_modalias()

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf call, the len parameter will become negative and str parameter if not NULL initially will point...

AI score: 7.4 | EPSS: 0.00111
Exploits: 0 | References: 8

UbuntuCve
added 2024/05/22 7:15 a.m. | 10 views

CVE-2021-47458

In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mounting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00033
Exploits: 0 | References: 10

CVE
added 2024/05/22 6:19 a.m. | 105 views

CVE-2021-47458

CVE-2021-47458 affects the ocfs2 mount path in the Linux kernel. It occurs when mounting ocfs2 with o2cb or pcmk on kernels built with Fortify Source, due to non-null-terminated strings in the disk representation being treated as null-terminated by strlcpy, triggering a buffer overflow and a fort...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00033
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2024/05/01 6:15 a.m. | 0 views

UBUNTU-CVE-2024-26988

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line,...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00013
Exploits: 0 | References: 20

Debian CVE
added 2024/02/22 4:13 p.m. | 32 views

CVE-2023-52443

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib/samba/,samba/samba-dcerpcd ..." a string ":samba-dcerpcd" is unpacked a...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00019
Exploits: 0

Prion
added 2023/12/30 3:15 a.m. | 13 views

Null pointer dereference

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user...

CVSS: 1.7 | AI score: 6.9 | EPSS: 0.00029
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/12/30 12:0 a.m. | 11 views

CVE-2023-38022

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user...

AI score: 5.6 | EPSS: 0.00029
Exploits: 0 | References: 2

RedHat Linux
added 2023/11/14 3:46 p.m. | 1 views

kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's (CTS) android.hardware.input.cts.tests...

AI score: 5.5 | EPSS: 0.00027
Exploits: 0 | References: 5

RedHat Linux
added 2023/05/09 10:4 a.m. | 3 views

kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL With CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's (CTS) android.hardware.input.cts.tests...

AI score: 5.5 | EPSS: 0.00027
Exploits: 0 | References: 5

OSV
added 2023/04/04 3:15 p.m. | 1 views

CVE-2020-23259

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:35 a.m. | 0 views

SUSE CVE-2017-1000257

An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that non-existing data with a pointer and the size zero to the deliver-data function. libcurl's deliver-data function treats zero as a mag...

CVSS: 4.8 | AI score: 7.1 | EPSS: 0.00863
Exploits: 0 | References: 21

SUSE CVE
added 2023/02/15 3:38 a.m. | 2 views

SUSE CVE-2021-38202

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.01452
Exploits: 0 | References: 3