21 matches found
CVE-2026-46072
CVE-2026-46072 affects the Linux kernel ntfs3 code path. The vulnerability arises in run_unpack(), where a loop checks run_buf
PT-2026-43939
In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to run unpack run unpack checks run buf run last at the top of the while loop but then reads size size and offset size bytes via run unpack s64 without verifying they fit within the remaining...
Denial of service in github.com/shamaton/msgpack
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...
GHSA-H9Q6-HC68-35RP Denial of service in github.com/shamaton/msgpack
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...
GO-2026-4513 Denial of service in github.com/shamaton/msgpack
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...
PT-2026-28435
Name of the Vulnerable Software and Affected Versions msgpack affected versions not specified Description The msgpack decoder does not correctly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can result in an out-of-bounds read and a runtime...
EUVD-2025-204395
Out-of-bounds read CWE-125 allows an unauthenticated remote attacker to perform a buffer overflow CAPEC-100 via the NFS protocol dissector, leading to a denial-of-service DoS through a reliable process crash when handling truncated XDR-encoded RPC messages...
Linux Distros Unpatched Vulnerability : CVE-2025-68210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: avoid infinite loop due to incomplete zstd-compressed data Currently, the decompression logic incorrectly spins if compressed data is truncated in crafte...
SUSE CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
SUSE CVE-2016-4077
epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted packet...
Denial Of Service (DoS)
mastercactapus proxyprotocol is vulnerable to denial of service attacks. Remote attackers are able to send a specifically crafted HAProxy PROXY v2 request with truncated source/destination address data to the server causing a system crash...
CVE-2019-14243
headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...
openSUSE Security Update : lhasa (openSUSE-2016-454)
This update for lhasa to 0.3.1 fixes the following issues : These security issues were fixed : - CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH level 3 header decodes boo973790 These non-security issues were fixed : - PMarc -pm1- archives that contain truncated compresse...
Design/Logic Flaw
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
Code injection
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...
DEBIAN-CVE-2007-2756
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...