SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.3.0 and prior to version 1.3.3, a check was added to verify that the destination file is under the destination directory. However, it is not enforced that destDir ends with a slash. If th…
[SharpZipLib] Path Traversal in SharpZipLib
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnera…
[solana_rbpf] Integer overflow in solana_rbpf
From version 0.2.14 to 0.2.16 for Solana rBPF, function “relocate” in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is …
[bingrep] Denial of service in bingrep
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).
References
https://nvd.nist.gov/vuln/detail/CVE-2021-39480
https://github.com/m4b/bingrep/issues/30
https://github.com/advisories/GHSA-gm68…
[Google.Protobuf] NULL Pointer Dereference in Protocol Buffers
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file’s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the f…
[ujson] Out-of-bounds Write in ujson
UltraJSON (aka ujson) 1.34 through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).
References
https://nvd.nist.gov/vuln/detail/CVE-2021-45958
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
htt…
[com.hazelcast:hazelcast] Security Advisory for “Log4Shell”
Impact
A highly critical 0-day exploit (CVE-2021-44228) was found in the Apache log4j 2 library on December 9, 2021.
This affects Apache log4j versions from 2.0-beta9 to 2.14.1 (inclusive).
This vulnerability allows a remote attacker to execute code on the…
[frontier] Integer underflow in Frontier
Impact
A bug in Frontier’s MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can o…
[org.jenkins-ci.plugins:matrix-project] Stored XSS vulnerability in Matrix Project Plugin
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission….
[org.jenkins-ci.plugins:docker-commons] OS command execution vulnerability in Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously c…