Lucene search
K

23 matches found

OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2833 python-zeroconf security update

Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...

6AI score
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 8:1 p.m.6 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:58 p.m.37 views

CVE-2026-46072

CVE-2026-46072 describes a vulnerability in ntfs3 within the Linux kernel where run_unpack() can perform an out-of-bounds read. Specifically, after checking run_buf

5.5CVSS5.8AI score0.00123EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-43939

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The run unpack function in the ntfs3 driver fails to verify if the size size and offset size bytes read via run unpack s64 fit within the remaining buffer, despite checking run buf run...

5.5CVSS5.9AI score0.00123EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.7 views

Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS5.9AI score0.00405EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2026/03/18 12:59 p.m.2 views

GHSA-H9Q6-HC68-35RP Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS5.9AI score0.00405EPSS
Exploits1References6
OSV
OSV
added 2026/03/16 8:27 p.m.6 views

GO-2026-4513 Denial of service in github.com/shamaton/msgpack

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS6AI score0.00405EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-28435

Name of the Vulnerable Software and Affected Versions msgpack affected versions not specified Description The msgpack decoder does not correctly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can result in an out-of-bounds read and a runtime...

9.8CVSS6AI score0.03256EPSS
Exploits33References152
EUVD
EUVD
added 2025/12/19 12:31 a.m.10 views

EUVD-2025-204395

Out-of-bounds read CWE-125 allows an unauthenticated remote attacker to perform a buffer overflow CAPEC-100 via the NFS protocol dissector, leading to a denial-of-service DoS through a reliable process crash when handling truncated XDR-encoded RPC messages...

6.5CVSS7AI score0.002EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: avoid infinite loop due to incomplete zstd-compressed data Currently, the decompression logic incorrectly spins if compressed data is truncated in crafte...

6.2AI score0.00166EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2756

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...

4.3CVSS6.2AI score0.04267EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:3 a.m.5 views

SUSE CVE-2016-4077

epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service use-after-free and application crash via a crafted packet...

5.9CVSS7.3AI score0.02005EPSS
Exploits1References3
Veracode
Veracode
added 2019/07/24 2:40 p.m.15 views

Denial Of Service (DoS)

mastercactapus proxyprotocol is vulnerable to denial of service attacks. Remote attackers are able to send a specifically crafted HAProxy PROXY v2 request with truncated source/destination address data to the server causing a system crash...

7.5CVSS7.3AI score0.04295EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2019/07/23 10:15 p.m.23 views

CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

7.5CVSS6.8AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2016/04/14 12:0 a.m.25 views

openSUSE Security Update : lhasa (openSUSE-2016-454)

This update for lhasa to 0.3.1 fixes the following issues : These security issues were fixed : - CVE-2016-2347: Integer underflow vulnerability in the code for doing LZH level 3 header decodes boo973790 These non-security issues were fixed : - PMarc -pm1- archives that contain truncated compresse...

7.8CVSS7.6AI score0.03228EPSS
Exploits1References2
Prion
Prion
added 2011/06/22 9:55 p.m.16 views

Design/Logic Flaw

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

5CVSS7.1AI score0.01447EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2011/06/22 9:55 p.m.19 views

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...

5CVSS5.9AI score0.01447EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2007/10/25 5:33 p.m.8 views

gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...

4.3CVSS6.6AI score0.04267EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/09/26 8:34 a.m.11 views

gd / php-gd ImageCreateFromPng infinite loop caused by truncated PNG

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...

4.3CVSS6.6AI score0.04267EPSS
Exploits0References4
Prion
Prion
added 2007/05/18 6:30 p.m.16 views

Code injection

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service CPU consumption via a crafted PNG image with truncated data, which causes an infinite loop in the pngreadinfo function in libpng...

4.3CVSS5.8AI score0.04267EPSS
Exploits0References62Affected Software1
Rows per page
Query Builder