4 matches found
CVE-2022-1642
The CVE describes a denial-of-service vulnerability in Swift corelibs-foundation’s JSON decoding: when decoding JSON with a numeric value that includes a fractional part, JSONDecoder could crash due to a type-mismatch between validation and casting. Affected component: swift-corelibs-foundation (...
CVE-2020-9861
CVE-2020-9861 affects Swift for Linux and describes a stack overflow triggered by deeply nested malicious JSON during parsing. The root cause is improper handling of deeply nested input in the JSON deserialization process, leading to stack exhaustion. According to the sources, the issue was addre...
CVE-2019-8790
CVE-2019-8790 involves incorrect management of file descriptors in URLSession within Apple Swift Foundation on Ubuntu, which could lead to inadvertent data disclosure. Connected sources confirm the issue affects Swift’s URLSession handling and was addressed by aligning the file descriptor logic t...
CVE-2018-4220
CVE-2018-4220 affects Apple Swift on Ubuntu 14.04 (Swift for Ubuntu). The root cause is that libraries are loaded with write and execute permissions, enabling arbitrary code execution in a privileged context. Affected software: Swift before 4.1.1 Security Update 2018-001 for Ubuntu 14.04. Impact ...