Page 121 of 1907 results (0.008 seconds)

CVSS: 9.1EPSS: 2%CPEs: 6EXPL: 0

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. La biblioteca libaspell.a en GNU Aspell versiones anteriores a 0.60.8, presenta una lectura excesiva del búfer en la región stack de la memoria en la función acommon::unescape en el archivo common/getdata.cpp por medio de un carácter \ aislado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109 https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8 https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html https://usn.ubuntu.com/4155-1 https://usn.ubuntu.com/4155-2 https://www.debian.org/security/2021/dsa-4948 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 2

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en la región heap de la memoria en la función buildSmbNtlmAuthRequest en el archivo smbutil.c para una petición NTLM especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 https://gitlab.com/jas/libntlm/issues/2 https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. Exiv2 versión 0.27.2, permite a atacantes activar un bloqueo en la función Exiv2::getULong en el archivo types.cpp cuando es llamada desde la función Exiv2::Internal::CiffDirectory::readDirectory en el archivo crwimage_int.cpp, porque no existe comprobación de la relación del tamaño total con el desplazamiento y el tamaño. An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system. • https://github.com/Exiv2/exiv2/issues/1019 https://lists.debian.org/debian-lts-announce/2019/12/msg00001.html https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://usn.ubuntu.com/4159-1 https://access.redhat.com/security/cve/CVE-2019-17402 https://bugzilla.redhat.com/show_bug.cgi?id=1773683 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. En el kernel de Linux versiones hasta 5.3.2, la función cfg80211_mgd_wext_giwessid en el archivo net/wireless/wext-sme.c no rechaza un SSID IE largo, conllevando a un Desbordamiento de Búfer. A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0592 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html htt • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •