13 matches found
FreeBSD : nginx -- multiple vulnerabilities (46b654f8-6b28-11f1-b8e5-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 46b654f8-6b28-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A heap memory buffer overflow vulnerability when using the...
nginx -- multiple vulnerabilities
The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a specially crafted QUIC session may allow memory corruption or a segmentation fault in a worker process CVE-2026-42530. A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders...
CVE-2026-44288
A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. An attacker who can provide specially crafted protobuf binary data containing overlong UTF-8 Unicode Transformation Format - 8-bit byte sequences may be able to bypass application-level checks...
www/nginx -- Remote Code Execution/DoS
nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...
CVE-2026-44288 protobufjs: Overlong UTF-8 decoding
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...
NPM: protobufjs has overlong UTF-8 decoding
NPM: protobufjs has overlong UTF-8 decoding vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...
protobufjs has overlong UTF-8 decoding
Summary protobufjs includes a minimal UTF-8 decoder used in non-Node and fallback decoding paths. The affected decoder accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. The issue concerns overlong encodings and code points outside the...
OSV-2026-512 Heap-buffer-overflow in g_utf8_get_char
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498475244 Crash type: Heap-buffer-overflow READ 1 Crash state: gutf8getchar gmarkupescapetext fuzzmarkupescapetext.c...
MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...
libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict
A flaw was found in the libsoup library. Decoding specially crafted UTF-8 input data with the soupheaderparseparamliststrict function can cause a heap-based buffer overflow, potentially resulting in code execution and denial of service to applications linked to the library...
CVE-2009-5016
Integer overflow in the xmlutf8decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting XSS and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...
PT-2010-1171 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.3.4 Description: The issue arises from the utf8 decode function not properly handling non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data. This makes it easier for remote attackers to bypass...
OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...