23 matches found
USN-8202-3 jq regression
USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...
USN-8202-2 jq vulnerabilities
USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...
USN-8202-1 jq vulnerabilities
It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...
USN-8202-1: jq vulnerabilities
It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...
UBUNTU-CVE-2023-53729
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of qmi element info structures account for null terminated strings with MAXLEN + 1. If a string is actually MAXLEN + 1 length, this wil...
EUVD-2018-3955
Malware in sbrugna...
UBUNTU-CVE-2022-49436
In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Fix leaking nvdimmeventsmap elements Right now 'char ' elements allocated for individual 'statid' in 'paprscmpriv.nvdimmeventsmap' during paprscmpmucheckevents, get leaked in paprscmremove and paprscmpmuregister,...
DEBIAN-CVE-2021-47458
In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIGFORTIFYSOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Problem seems to be that...
CVE-2023-52845
In the Linux kernel, the following vulnerability has been resolved: tipc: Change nlapolicy for bearer-related names to NLANULSTRING syzbot reported the following uninit-value access issue 1: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418...
CVE-2023-52845 tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
In the Linux kernel, the following vulnerability has been resolved: tipc: Change nlapolicy for bearer-related names to NLANULSTRING syzbot reported the following uninit-value access issue 1: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418...
Updated mysql-connector-c++ packages fix security vulnerability
Buffer overflow due to inccorect calculation in EVPPKEYdecrypt. CVE-2021-3711 Denial of Service attack due to possible non-zero terminated strings. CVE-2021-3712...
openssl: Read buffer overruns processing ASN.1 strings
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...
Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)
It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2019-11487 Jann Horn discovered that ...
Buffer overflow
In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver...
CVE-2018-11963
In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver...
CVE-2017-7790
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems...
CVE-2017-7790
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems...
CVE-2017-7790
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems...
FreeBSD : serf -- SSL Certificate Null Byte Poisoning (69048656-2187-11e4-802c-20cf30e32f6d)
serf Development list reports : Serf provides APIs to retrieve information about a certificate. These APIs return the information as NUL terminated strings commonly called C strings. X.509 uses counted length strings which may include a NUL byte. This means that a library user will interpret any...
SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
This update to IcedTea-Web 1.4 provides the following fixes and enhancements : - Security updates - RH916774: Class-loader incorrectly shared for applets with same relative-path. CVE-2013-1926 - RH884705: fixed gifar vulnerabilit. CVE-2013-1927 - RH840592: Potential read from an uninitialized...