2525 matches found
USN-2766-1 spice vulnerabilities
Frediano Ziglio discovered multiple buffer overflows, undefined behavior signed integer operations, race conditions, memory leaks, and denial of service issues in Spice. A malicious guest operating system could potentially exploit these issues to escape virtualization. CVE-2015-5260, CVE-2015-526...
subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.
Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior...
C compilers may silently discard some wraparound checks
Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic a warning. Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...
Cyrus IMAPd -- APPEND command uses undefined programming construct
To support MULTIAPPENDS the cmdappend handler uses the global stage array. This array is one of the things that gets destructed when the fatal function is triggered. When the Cyrus IMAP code adds new entries to this array this is done with the help of the postfix increment operator in combination...
CAN-2004-0814: Linux terminal layer races
Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places. Firstly a user can cause crashes and other undefined behaviour by issuing a TIOCSETLD ioctl on a terminal...