Lucene search
K

304 matches found

Snyk
Snyk
added 2026/02/13 6:58 p.m.5 views

Off-by-one Error

Overview bacnet-stack is a None Affected versions of this package are vulnerable to Off-by-one Error. via the tokenizerstring function. An attacker can cause a crash by providing a string literal longer than the buffer limit, which leads to a stack overflow when the function incorrectly writes a...

6.8CVSS5.8AI score0.0024EPSS
Exploits1References2
NVD
NVD
added 2026/02/13 6:16 p.m.10 views

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS0.0024EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/13 5:58 p.m.30 views

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS0.0024EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/13 5:58 p.m.5 views

CVE-2026-21870

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6AI score0.0024EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/13 5:58 p.m.6 views

EUVD-2026-5920

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6AI score0.0024EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/13 5:58 p.m.4 views

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6AI score0.0024EPSS
Exploits1References3
CVE
CVE
added 2026/02/13 5:58 p.m.14 views

CVE-2026-21870

The CVE-2026-21870 affects the BACnet Protocol Stack library, specifically versions 1.4.2, 1.5.0.rc2 and earlier. The root cause is an off-by-one, stack-based buffer overflow in the ubasic interpreter’s tokenizer_string function. It mishandles null termination for maximum-length strings, writing ...

5.5CVSS6AI score0.0024EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/13 5:58 p.m.8 views

CVE-2026-21870 The BACnet Protocol Stack library has an Off-by-one Stack-based Buffer Overflow in tokenizer_string

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6.1AI score0.0024EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.13 views

PT-2026-8018

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash SIGABRT when processing string literals longer...

5.5CVSS6AI score0.0024EPSS
Exploits1References4
OSV
OSV
added 2026/01/30 2:7 p.m.5 views

CLEANSTART-2026-PY85990 tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing

Security vulnerability affects the prometheus package. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...

9.8CVSS8.2AI score0.0045EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/27 12:28 a.m.20 views

SUSE CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS5.9AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/01/23 2:28 a.m.4 views

GO-2025-4252 Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats

Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats...

6.5CVSS5.4AI score0.00168EPSS
Exploits0References5
Veracode
Veracode
added 2026/01/14 6:59 a.m.8 views

Improper Validation

github.com/elastic/beats are vulnerable to Improper Validation. The vulnerability is due to insufficient validation of indexes, positions, or offsets in input handling, which allows an attacker to trigger a buffer overflow by sending a malformed Syslog message or a malicious Dissect tokenizer...

6.5CVSS7.4AI score0.00168EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:8 a.m.7 views

CVE-2024-2952

BerriAI/litellm is vulnerable to Server-Side Template Injection SSTI via the /completions endpoint. The vulnerability arises from the hfchattemplate method processing the chattemplate parameter from the tokenizerconfig.json file through the Jinja template engine without proper sanitization...

9.8CVSS9.7AI score0.01256EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/19 10:13 p.m.6 views

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS6.8AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2025/12/19 12:31 a.m.5 views

GHSA-2MJ3-6GRC-PX38 Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS6.8AI score0.00168EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/12/19 12:31 a.m.6 views

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS6.9AI score0.00168EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2025/12/18 10:16 p.m.5 views

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 10:16 p.m.18 views

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.8 views

PT-2025-52365

Name of the Vulnerable Software and Affected Versions Filebeat affected versions not specified Libbeat affected versions not specified Description A flaw exists in the Syslog parser within Filebeat and the Dissect processor in Libbeat that allows for improper validation of input indexes, position...

6.5CVSS6.6AI score0.00168EPSS
Exploits0References15
Rows per page
Query Builder