14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-42440
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The...
Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
CVE-2026-42440
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
UBUNTU-CVE-2026-42440
OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...
CVE-2026-25882
Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...
Gitlab -- Vulnerabilities
Gitlab reports: Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE Denial of Service issue bypassing query complexity limits impacts GitLab CE/EE Information disclosure issue in virtual registery configuration for low privileged users impacts GitLab CE/EE...
CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust...
Upgraded Q -> 2 from #648 [1675725337760]
Judge has assessed an item in Issue 648 as 2 risk. The relevant finding follows: 2. Unbounded Array Vulnerability in Claim Function Link : Summary: The claim function in the Quest contract has an unbounded array vulnerability that could lead to an Out-of-Gas OOG error and make the contract...
Unbounded loop on array can lead to DoS
Lines of code Vulnerability details Description: As this array can grow quite large, the transaction’s gas cost could exceed the block gas limit and make it impossible to call this function at all a push exist but there's no pop in the solution, that means it will continuously only push which wil...
Upgraded Q -> M from 264 [1659038303960]
Judge has assessed an item in Issue 264 as Medium risk. The relevant finding follows: L-05 Unbounded loop on array can lead to DoS As these arrays can grow quite large only push operations, no pop, the transaction's gas cost could exceed the block gas limit and make it impossible to call the...
iteration over unbounded array
Handle danb Vulnerability details the functions applyCover and resume iterate over unbounded array. anyone can create an index and add it to the pool, therefore it is possible to add many indexes and prevent any call to applyCover and resume because of passing the gas limit. --- The text was...
Unbounded loop in function transferERC721
Handle shw Vulnerability details Impact The function transferERC721 loops over an unbounded array, timelockERC721KeysnftContract, whose length never decreases but increases whenever the owner locks an ERC721 token. Therefore, the required gas for executing this loop grows over time and could reac...
Impossible to call withdrawReward fails due to run out of gas
Handle s1m0 Vulnerability details Impact The withdrawReward fails due to the loop at . From my testing the dayDiff would be 18724 and with a gasLimit of 9500000 it stops at iteration 270 due to the fact that lastUpdatedDay is not initialized so is 0. Other than that it could run out of gas also f...
CVE-2018-16949
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values...