When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks '\0' termination.Ī vulnerability has been identified in Solid Edge SE2021 (All versions = V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions = V2.8), APOGEE PXC Modular (BACnet) (All versions = V2.8), TALON TC Compact (BACnet) (All versions 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. X509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer. The destination buffer is only 100 bytes long on the stack.
The first character is interpreted as a length value to be used in a memcpy call.
The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. Ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. Dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem.
0 kommentar(er)
