CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-36478 – HTTP/2 HPACK integer overflow and buffer allocation
https://notcve.org/view.php?id=CVE-2023-36478
In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. ... However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. ... If header values exceed the size limit and Huffman is the true`MetaDataBuilder.checkSize`, the multiplication will overflow, and the length will become negative, causing a large buffer allocation on the server, leading to a Denial of Service (DoS) attack. • http://www.openwall.com/lists/oss-security/2023/10/18/4 https://github.com/eclipse/jetty.project/pull/9634 https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009 https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https:&# • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44378 – gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition
https://notcve.org/view.php?id=CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. gnark es una librería zk-SNARK que ofrece una API de alto nivel para diseñar circuitos. • https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f https://github.com/Consensys/gnark/security/advisories/GHSA-498w-5j49-vqjg https://github.com/zkopru-network/zkopru/issues/116 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41175 – Libtiff: potential integer overflow in raw2tiff.c
https://notcve.org/view.php?id=CVE-2023-41175
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40745 – Libtiff: integer overflow in tiffcp.c
https://notcve.org/view.php?id=CVE-2023-40745
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://security.netapp.com/advisory/ntap-20231110-0005 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43787 – Libx11: integer overflow in xcreateimage() leading to a heap overflow
https://notcve.org/view.php?id=CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. • http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •