24 matches found
GHSA-6V9C-7CG6-27Q7 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer
Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...
CVE-2026-41680
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
EUVD-2026-25585
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-41680
CVE-2026-41680 affects the Marked markdown parser/compiler. From versions 18.0.0 through 18.0.1, an unauthenticated attacker can trigger an infinite recursion in the tokenizer by sending the 3-byte sequence: tab, vertical tab, newline (\x09\x0b\n). This leads to unbounded memory allocation and ca...
CVE-2020-37119
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...
CVE-2020-37119
CVE-2020-37119 affects Nsauditor 3.0.28 and 3.2.1.0. A buffer overflow in the DNS Lookup tool allows an attacker to overwrite memory with a crafted DNS query payload, bypass ASLR, and execute shellcode. Reported exploit details indicate a three-byte overwrite, with potential for arbitrary code ex...
PT-2026-6564
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990448)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990448 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the...
PT-2025-35953
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the uvc parse format function within the uvcvideo module. A buffer length check only ensured a minimum buffer size of 3 bytes, while the function...
SUSE CVE-2022-49162
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfbwrite+0x454/0x5b...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...