255 matches found
EUVD-2020-20338
A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird arises from incorrect handling of zero bytes or NULL values during data exchange. This allows an attacker to exploit their privileges or cause service failures.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to incorrect handling of zero bytes or NULL values during data exchange. Exploiting these vulnerabilities can allow an attacker to increase their privileges or cause service failures...
UBUNTU-CVE-2020-27840
A flaw was found in samba. Spaces used in a string around a domain name DN, while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability...
haproxy security, bug fix, and enhancement update
1.8.23-3 - Fix hapack zero byte input causing overwrite CVE-2020-11100, 1819519 1.8.23-2 - Consider exist status 143 as success 1778844 1.8.23-1 - Update to 1.8.23 1774745...
DEBIAN-CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
BSA-2020-926
Security Advisory ID : BSA-2020-926 Component : openfortivpn Revision : 1.0: Final tunnel.c mishandles certificate validation in openfortivpn 1.11.0 due to multiples issues. CVE-2020-7041 An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
Vulnerability in the ADS Discovery Service of the TwinCAT automation and process control software that allows an attacker to cause a partial denial of service.
A vulnerability in the ADS Discovery Service of the TwinCAT automation and process control software exists due to insufficient input data validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service using a specially generated UDP pack...
libssh2 security update
CentOS Errata and Security Advisory CESA-2019:2136 An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
DEBIAN-CVE-2019-15145
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack application crash via an out-of-bounds read by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::getdirectcontext in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h...
UBUNTU-CVE-2019-15145
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack application crash via an out-of-bounds read by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::getdirectcontext in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h...
DjVuLibre Buffer Overflow Vulnerability (CNVD-2019-29361)
DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A buffer overflow vulnerability exists in DjVuLibre version 3.5.27, which stems from a failure to perform zero-byte checking in...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
openssl: 0-byte record padding oracle
If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...
libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...
Rockwell Automation RSLinx Enterprise Zero Byte UDP Packet DOS
Binary data 720179.prm...
Fedora 30 : libssh2 (2019-70a9d4f970)
This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
Design/Logic Flaw
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem...