9 matches found
Vitess vulnerable to infinite memory consumption and vtgate crash
Summary: When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. Details: When running the following query, the evalengine will try to evaluate it and run forever: select _utf16 0xFF. The source of the bug lies in the...
PT-2024-24940 · Vitess · Vitess
Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 17.0.7; Vitess versions prior to 18.0.5; Vitess versions prior to 19.0.4. Description: The issue arises when executing a specific query, causing the vtgate to enter an endless loop and consume increasing amounts of memor...
SUSE CVE-2023-52389
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert and Poco::UTF32::queryConvert may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in...
Integer Overflow to Buffer Overflow
Overview: Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow in the UTF32Encoding::convert and UTF32Encoding::queryConvert methods. Remediation: Upgrade poco to version 1.11.0 or higher.
UBUNTU-CVE-2023-52389
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert and Poco::UTF32::queryConvert may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in...
PT-2024-40745 · Git +1 · Simdutf
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow issue was identified, specifically a WRITE 16 error, which occurred in the simdutf::westmere::implementation::convert_utf8_to_utf3...
PT-2023-35752 · Git +1 · Simdutf
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow write error. It occurs in the simdutf::haswell::implementation::convert_utf8_to_utf32 function, as indicat...
AlmaLinux 9 : pcre2 (ALSA-2022:5251)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5251 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
PT-2024-14579 · Poco +1 · Poco +1
Name of the Vulnerable Software and Affected Versions: POCO versions prior to 1.11.8p2; POCO versions prior to 1.12.5p2; POCO versions prior to 1.13.0. Description: The issue is caused by an integer overflow and resultant stack buffer overflow in UTF32Encoding.cpp, specifically in the...