46 matches found
EUVD-2026-25622
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of...
Out-of-bounds Read
Overview github.com/shamaton/msgpack/v2/internal/decoding is a Affected versions of this package are vulnerable to Out-of-bounds Read. via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that...
EUVD-2022-7376
Malicious code in bioql PyPI...
Amazon Linux 2023 : nerdctl (ALAS2023-2024-700)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-700 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
ROS-20240522-06
A vulnerability in the protojson.Unmarshal function of the Golang programming language is related to an infinite loop when unmarshaling of certain JSON forms. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
RHCOS 4 : OpenShift Container Platform 4.15.6 (RHSA-2024:1563)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1563 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 - golang-protobuf:...
BIT-GOLANG-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
GHSA-8R3F-844C-MC37 Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Deserialization of Untrusted Data in apache-submarine
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
Denial Of Service (DoS)
github.com/hamba/avro is vulnerable to Denial Of Service DoS. The vulnerability exists in the ReadString function of reader.go because config.go does not properly restrict the maximum size of bytes and string types, allowing an attacker to cause an application crash by providing a maliciously...
CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro
Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...
Denial Of Service (DoS)
github.com/pion/dtls is vulnerable to Denial Of Service DoS. The vulnerability exists in Unmarshal function due to out of bounds read via the server hello response which can result in an application crash...
Denial Of Service (DoS)
github.com/pion/dtls is vulnerable to Denial Of Service DoS. The vulnerability exists in the Unmarshal function which tries to unmarshal into buffer to small via a Hello Verify request message which allows an attacker to cause an application crash...
GHSA-4XGV-J62Q-H3RJ Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Impact During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround None, upgrade to 2.2.4...