The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key. As a workaround, disable support for fragmented IP datagrams.ĪxTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This issue is fixed in pull request 19680. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code.
Corrupting a pointer will easily lead to denial of service.
The overflow can be used to corrupt other packets and the allocator metadata. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.ĪMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. A buffer overflow was discovered in Progress DataDirect Connect for ODBC before for Oracle.
0 kommentar(er)
