CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression

The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...

Bird-lg-go 资源管理错误漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Versions of Bird-lg-go prior to 1.4.5 contained a resource management vulnerability. This vulnerability stemmed from the apiHandler not limiting the maximum read size when processing the JSON payload provided by users. As a result,...

Unified Diagnostic Services Support Library in C 安全漏洞

Unified Diagnostic Services Support Library in C is an automotive electronic diagnostic protocol support library by a personal developer, Laughing with the Wind. Unified Diagnostic Services Support Library in C has a security vulnerability that originates from a stack buffer overflow in the...