[SharpZipLib] Path Traversal in SharpZipLib

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.3.0 and prior to version 1.3.3, a check was added to verify that the destination file is under the destination directory. However, it is not enforced that destDir ends with a slash. If th…

[SharpZipLib] Path Traversal in SharpZipLib

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted into the parent directory of destFolder. This leads to an arbitrary file write that may lead to code execution. The vulnera…

[solana_rbpf] Integer overflow in solana_rbpf

From version 0.2.14 to 0.2.16 of Solana rBPF, the function “relocate” in the file src/elf.rs has an integer overflow bug because sym.st_value is read directly from the ELF file without checking. If the sym.st_value is rather large, an integer overflow is …

[bingrep] Denial of service in bingrep

Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).
References

https://nvd.nist.gov/vuln/detail/CVE-2021-39480
https://github.com/m4b/bingrep/issues/30
https://github.com/advisories/GHSA-gm68…

[ujson] Out-of-bounds Write in ujson

UltraJSON (aka ujson) 1.34 through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).
References

https://nvd.nist.gov/vuln/detail/CVE-2021-45958
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
htt…

[frontier] Integer underflow in Frontier

Impact
A bug in Frontier’s MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can o…