Lucene search
K

24 matches found

OSV
OSV
added 2026/04/29 10:12 p.m.7 views

GHSA-6V9C-7CG6-27Q7 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

8.7CVSS5.8AI score0.00342EPSS
Exploits1References3
NVD
NVD
added 2026/04/24 6:16 p.m.9 views

CVE-2026-41680

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

8.7CVSS0.00342EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 5:26 p.m.29 views

CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

8.7CVSS0.00342EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/24 5:26 p.m.4 views

EUVD-2026-25585

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

8.7CVSS5.5AI score0.00342EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 5:26 p.m.14 views

CVE-2026-41680

CVE-2026-41680 affects the Marked markdown parser/compiler. From versions 18.0.0 through 18.0.1, an unauthenticated attacker can trigger an infinite recursion in the tokenizer by sending the 3-byte sequence: tab, vertical tab, newline (\x09\x0b\n). This leads to unbounded memory allocation and ca...

8.7CVSS5.5AI score0.00342EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/02/05 5:16 p.m.6 views

CVE-2020-37119

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

9.8CVSS0.00607EPSS
Exploits1References3
CVE
CVE
added 2026/02/05 4:13 p.m.12 views

CVE-2020-37119

CVE-2020-37119 affects Nsauditor 3.0.28 and 3.2.1.0. A buffer overflow in the DNS Lookup tool allows an attacker to overwrite memory with a crafted DNS query payload, bypass ASLR, and execute shellcode. Reported exploit details indicate a three-byte overwrite, with potential for arbitrary code ex...

9.8CVSS6.3AI score0.00607EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6564

Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a...

9.8CVSS6.5AI score0.00607EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/06 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990448)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990448 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the...

5.5CVSS5.7AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.3 views

PT-2025-35953

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the uvc parse format function within the uvcvideo module. A buffer length check only ensured a minimum buffer size of 3 bytes, while the function...

7.1CVSS7.2AI score0.00164EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/27 3:11 a.m.5 views

SUSE CVE-2022-49162

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfbwrite When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfbwrite+0x454/0x5b...

5.5CVSS7.6AI score0.00259EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/04/26 10:21 a.m.3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/12 3:54 p.m.3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/07 9:5 a.m.3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/28 12:1 p.m.4 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/28 9:0 a.m.4 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/24 1:33 p.m.6 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/22 4:25 p.m.3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/10 3:29 p.m.5 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/10 3:18 p.m.5 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

9.8CVSS7.5AI score0.04955EPSS
Exploits0References5
Rows per page
Query Builder