75 matches found
CVE-2024-35878
A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf, which only allows passing a NULL ptr when the length is 0. This issue can result in a crash and damage to availability. Mitigation: Mitigation for this issue is either not available...
CVE-2024-35878
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
DEBIAN-CVE-2024-35878
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
UBUNTU-CVE-2024-35878
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2024-35878
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2024-35878 of: module: prevent NULL pointer dereference in vsnprintf()
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2024-35878 of: module: prevent NULL pointer dereference in vsnprintf()
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2024-35878 of: module: prevent NULL pointer dereference in vsnprintf()
In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf. In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf since it only allows passing a NULL ptr when the length is also 0...
CVE-2024-35878
CVE-2024-35878 : The connected documentation provides concrete details—this Linux kernel vulnerability concerns a NULL pointer dereference in vsnprintf() triggered by improper handling of the str/len parameters in of_modalias(). The issue could oops when a NULL pointer is passed unless length is ...
PT-2024-26770
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a NULL pointer dereference in the vsnprintf function within the Linux kernel. Specifically, in the of_modalias function, the str and len parameters can cause a...
SUSE CVE-2007-3294
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE...
SUSE CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...
CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...
Denial Of Service(DoS)
Fetchmail is vulnerable to denial of service. report_vbuild in report.c sometimes omits initialization of the vsnprintf va_list argument, allowing mail servers to cause a denial of service or possibly have unspecified other impact via long error messages...
JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code...
JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf and jio_vsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code...
libgd memory leak vulnerability
libgd (also known as GD Graphics Library or libgd2) is an open source library for dynamic image creation, developed by American software developer Thomas Boutell, which supports the creation of charts, graphs, thumbnails and so on. A memory leak vulnerability exists in the 'gdCtxPrintf' function ...
Updated libgd packages fix security vulnerabilities
Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gd_interpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a...
Updated latex2rtf packages fix security vulnerability
A format string vulnerability was found in the CmdKeywords function when processing the \keywords command in a tex file. When the user runs latex2rtf with a maliciously crafted tex file, an attacker can execute arbitrary code. The variable 'keywords' in the function CmdKeywords may hold a malicious input strin...
Buffer overflow
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf/vsnprintf" in which the return values may be larger than the size of the buffer...