23 matches found
Security Bulletin: Integer Overflow Leading to Packet Corruption in Eclipse Paho Go MQTT, affects watsonx.data
Summary Eclipse Paho Go MQTT version 1.5.0 contains an integer overflow issue when handling UTF-8 strings longer than 65535 bytes. Improper length conversion can cause malformed MQTT packets, potentially leading to data leakage between fields e.g., topic data leaking into message body. This can...
EUVD-2012-5507
Malware in sbrugna...
EUVD-2015-4069
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-4041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of byte...
CVE-2024-34363 Envoy can crash due to uncaught nlohmann JSON exception
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash...
K34508112: Pango vulnerability CVE-2019-1010238
Security Advisory Description Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vecto...
unzip buffer overflow vulnerability (CNVD-2022-11523)
Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...
EulerOS 2.0 SP3 : coreutils (EulerOS-SA-2020-1374)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering...
CVE-2015-4041
The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service heap-based buffer overflow and application crash ...
Heap overflow
The keycomparemb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service heap-based buffer overflow and application crash ...
CVE-2015-4041
CVE-2015-4041 affects GNU Coreutils (sort, sort.c, keycompare_mb) on 64-bit platforms. The vulnerability arises from a size calculation in keycompare_mb that does not account for the number of bytes occupied by multibyte UTF-8 characters, enabling a heap-based overflow under long UTF-8 strings an...
CVE-2010-4657
CVE-2010-4657 affects PHP5 prior to 5.4.4. The flaw allows passing invalid UTF-8 strings to xmlTextWriterWriteAttribute, which are misparsed by libxml2, causing a memory leak in the produced output. The vulnerability is triggered through the attribute-writing path and is not described as exploita...
Arbitrary Code Execution
pango is vulnerable to arbitrary code execution. A heap-based buffer overflow in the function pangolog2visgetembeddinglevels allows a remote attacker to execute arbitrary code by passing malicious utf-8 strings to the pangoitemize function...
ALPINE-CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
Heap overflow
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
CVE-2017-7653
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial ...
DLA-605-1 eog - security update
Bulletin has no description...