Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS5.9AI score0.02445EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02445EPSS
Exploits0References12
CVE
CVE
added 2026/06/26 1:14 a.m.104 views

CVE-2026-48933

CVE-2026-48933 describes a vulnerability in Node.js WebCrypto where AES processing in subtle.encrypt() can crash the process when the input size is a multiple of 2 GiB. The connected SUSE advisory confirms this CVE is addressed in the nodejs24 update to 24.17.0 as part of a rollup that fixes mult...

7.5CVSS6.6AI score0.02445EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS0.02445EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010953)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010953 advisory. In the Linux kernel, the following vulnerability has been resolved: perf: armspe: Prevent overflow in PERFIDX2OFF Cast nrpages to unsigned long to avoid overflow whe...

5.8AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/31 1:28 p.m.8 views

EUVD-2026-17413

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/09/16 4:15 p.m.3 views

CVE-2025-58749

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

5.3CVSS6.8AI score0.00344EPSS
Exploits1References2
OSV
OSV
added 2025/09/16 4:15 p.m.8 views

AZL-67608 CVE-2025-58749 affecting package fluent-bit for versions less than 3.1.9-6

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

5.3CVSS5.7AI score0.00344EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/03/10 4:12 p.m.5 views

brotli: buffer overflow when input chunk is larger than 2GiB

A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB...

6.5CVSS7.3AI score0.03217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/10 4:6 p.m.13 views

brotli: buffer overflow when input chunk is larger than 2GiB

A buffer overflow flaw was found in the Brotli library where an attacker could control the input length of a "one-shot" decompression request to a script that can trigger a crash. This issue can happen when copying chunks of data larger than 2 GiB...

6.5CVSS7.3AI score0.03217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.4 views

libevent: Stack-buffer overflow in evutil_parse_sockaddr_port()

A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash...

7.5CVSS7.3AI score0.05208EPSS
Exploits1References4
Rows per page
Query Builder