CVE-2017-3135 – Combination of DNS64 and RPZ Can Lead to Crash
https://notcve.org/view.php?id=CVE-2017-3135
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used.
• http://rhn.redhat.com/errata/RHSA-2017-0276.html http://www.securityfocus.com/bid/96150 http://www.securitytracker.com/id/1037801 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01453 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https://www.debian.org/security/2017/dsa-3795 https://access.redhat.com/security/cve/CVE-2017-3135 https:/
• CWE-476: NULL Pointer Dereference
CVE-2017-6011 – icoutils: Buffer overflow in the simple_vec function
https://notcve.org/view.php?id=CVE-2017-6011
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
• http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3807 http://www.securityfocus.com/bid/96267 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-6011 https://bugzilla.redhat.com/show_bug.cgi?id=1422908
• CWE-122: Heap-based Buffer Overflow
• CWE-125: Out-of-bounds Read
CVE-2017-6010 – icoutils: Buffer overflow in the extract_icons function
https://notcve.org/view.php?id=CVE-2017-6010
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
• http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3807 http://www.securityfocus.com/bid/96288 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-6010 https://bugzilla.redhat.com/show_bug.cgi?id=1422907
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2017-6009 – icoutils: Buffer overflow in the decode_ne_resource_id function
https://notcve.org/view.php?id=CVE-2017-6009
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
• http://rhn.redhat.com/errata/RHSA-2017-0837.html http://www.debian.org/security/2017/dsa-3807 http://www.securityfocus.com/bid/96292 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050 https://security.gentoo.org/glsa/201801-12 https://access.redhat.com/security/cve/CVE-2017-6009 https://bugzilla.redhat.com/show_bug.cgi?id=1422906
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2016-9560 – jasper: stack-based buffer overflow in jpc_dec_tileinit()
https://notcve.org/view.php?id=CVE-2016-9560
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
• http://www.debian.org/security/2017/dsa-3785 http://www.openwall.com/lists/oss-security/2016/11/20/1 http://www.openwall.com/lists/oss-security/2016/11/23/5 http://www.securityfocus.com/bid/94428 https://access.redhat.com/errata/RHSA-2017:1208 https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560 https://github.com/mdadams/jasper&
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write