8 matches found

Positive Technologies
added 2026/05/21 12:0 a.m., 6 views

PT-2026-42406

Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.4 through 4.4.2. Description: A stack-based buffer overflow occurs due to UCS-2 type confusion within the convert_charset function. This allows a remote authenticated attacker to execute arbitrary code or cause a denial of...

CVSS 8.8, AI score 6.5, EPSS 0.00154
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in zvbi

A vulnerability was discovered in libzvbi up to version 0.2.43. It has been classified as a problematic issue. The affected function is vbi_strndup_iconv_ucs2 in the file src/conv.c. Manipulating the src_length argument leads to an uninitialized pointer. This vulnerability can be exploited remotely...

CVSS 7.5, AI score 6.1, EPSS 0.00277
Exploits 0, References 2
SUSE CVE
added 2025/03/12 5:9 a.m., 0 views

SUSE CVE-2025-2173

A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an uninitialized pointer. It is possible to launch the attack remotely. The exploit has...

CVSS 5.3, AI score 5.7, EPSS 0.00277
Exploits 0, References 6
OSV
added 2025/03/11 7:15 a.m., 0 views

UBUNTU-CVE-2025-2174

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an integer overflow. The attack can be launched remotely. The exploit...

CVSS 7.5, AI score 5, EPSS 0.00178
Exploits 0, References 8
Positive Technologies
added 2025/03/10 12:0 a.m., 2 views

PT-2025-10701 · Libzvbi +5

Name of the Vulnerable Software and Affected Versions: libzvbi versions 0.2.43 and earlier. Description: A problem has been found in the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to an integer overflow. This issue can be exploited...

CVSS 7.5, AI score 5.7, EPSS 0.00277
Exploits 0, References 72
Github Security Blog
added 2024/05/08 2:32 p.m., 22 views

Vitess vulnerable to infinite memory consumption and vtgate crash

Summary: When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details: When running the following query, the evalengine will try to evaluate it and runs forever: select _utf16 0xFF. The source of the bug lies in the...

CVSS 4.9, AI score 7.2, EPSS 0.00131
Exploits 0, References 9, Affected Software 2
Positive Technologies
added 2024/05/08 12:0 a.m., 1 views

PT-2024-24940 · Vitess

Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 17.0.7; Vitess versions prior to 18.0.5; Vitess versions prior to 19.0.4. Description: The issue arises when executing a specific query, causing the vtgate to enter an endless loop and consume increasing amounts of memor...

CVSS 4.9, AI score 7.2, EPSS 0.00131
Exploits 0, References 16
RedHat Linux
added 2018/10/18 7:45 a.m., 3 views

nodejs: Out of bounds (OOB) write via UCS-2 encoding

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0, when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

CVSS 7.5, AI score 7.3, EPSS 0.00797
Exploits 0, References 4