9593 matches found
CVE-2021-46951
In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efitpmfinallogsize will at...
Integer overflow
In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efitpmfinallogsize will at...
CVE-2021-46951
In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efitpmfinallogsize will at...
Uninitialized Variable in fastecdsa
Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...
GHSA-PH86-G9R3-5QW4 Uninitialized Variable in fastecdsa
Versions of the package fastecdsa before 2.3.2 use an Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary realloc, null pointer...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
PYSEC-2024-39
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
Null pointer dereference
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
CVE-2024-21502
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...
CVE-2024-21502
CVE-2024-21502 affects the fastecdsa library prior to 2.3.2. The root cause is a Use of Uninitialized Variable on the stack in the curvemath_mul function (src/curveMath.c), where a value is interpreted as a user-defined type. Depending on the value, an attacker-controlled stack can cause arbitrar...
SUSE CVE-2023-52452
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...
SUSE CVE-2024-26589
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...
CVE-2024-26589
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...
PT-2024-18918 · Fastecdsa · Fastecdsa
Name of the Vulnerable Software and Affected Versions: fastecdsa versions prior to 2.3.2 Description: The issue is related to the use of an uninitialized variable on the stack, specifically via the curvemath mul function in src/curveMath.c. This variable is used and interpreted as a user-defined...
Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...
GHSA-R53H-JV2G-VPX6 Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...
DEBIAN-CVE-2024-26589
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...
DEBIAN-CVE-2023-52452
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...
UBUNTU-CVE-2024-26589
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTRTOFLOWKEYS For PTRTOFLOWKEYS, checkflowkeysaccess only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not...