CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34453 – snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
https://notcve.org/view.php?id=CVE-2023-34453
Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. ... Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. ... This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service. • https://github.com/xerial/snappy-java/blob/05c39b2ca9b5b7b39611529cc302d3d796329611/src/main/java/org/xerial/snappy/BitShuffle.java#L107 https://github.com/xerial/snappy-java/blob/master/src/main/java/org/xerial/snappy/BitShuffle.java https://github.com/xerial/snappy-java/commit/820e2e074c58748b41dbd547f4edba9e108ad905 https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf https://access.redhat.com/security/cve/CVE-2023-34453 https://bugzilla.redhat.com/show_bug.cgi?id=2215393 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0701
https://notcve.org/view.php?id=CVE-2021-0701
In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. • https://source.android.com/security/bulletin/2023-06-01 •
CVSS: 9.8EPSS: 2%CPEs: 25EXPL: 0CVE-2023-32014 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32014
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29369 – Remote Procedure Call Runtime Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-29369
Remote Procedure Call Runtime Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 23EXPL: 0CVE-2023-29364 – Windows Authentication Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-29364
Windows Authentication Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364 • CWE-190: Integer Overflow or Wraparound •