10 matches found
Rust-WebSocket memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
CVE-2022-35922
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
Design/Logic Flaw
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
Unbounded memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
Debian DLA-1562-3 : poppler regression update
A second regression issue has been resolved in the poppler PDF rendering shared library this time introduced with version 0.26.5-2+deb8u6 see DLA 1562-2. CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker c...
Security update for libgit2 (important)
This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...
poppler security update
0.26.5-17 - Resolves: rhbz1482934 CVE-2017-9776...
DSA-3563-1 poppler - security update
Bulletin has no description...