Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-17846

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Dec, 2017 | 23:00
Updated At-05 Aug, 2024 | 21:06
Rejected At-
Credits

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Dec, 2017 | 23:00
Updated At:05 Aug, 2024 | 21:06
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
x_refsource_MISC
https://lists.debian.org/debian-security-announce/2017/msg00333.html
x_refsource_MISC
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
mailing-list
x_refsource_MLIST
https://www.debian.org/security/2017/dsa-4070
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-security-announce/2017/msg00333.html
Resource:
x_refsource_MISC
Hyperlink: https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.debian.org/security/2017/dsa-4070
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-security-announce/2017/msg00333.html
x_refsource_MISC
x_transferred
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.debian.org/security/2017/dsa-4070
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-security-announce/2017/msg00333.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4070
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Dec, 2017 | 17:08
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

enigmail
enigmail
>>enigmail>>Versions before 1.9.9(exclusive)
cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdfcve@mitre.org
Third Party Advisory
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.htmlcve@mitre.org
N/A
https://lists.debian.org/debian-security-announce/2017/msg00333.htmlcve@mitre.org
Third Party Advisory
https://www.debian.org/security/2017/dsa-4070cve@mitre.org
Third Party Advisory
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.htmlcve@mitre.org
N/A
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdfaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-security-announce/2017/msg00333.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4070af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Source: cve@mitre.org
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-security-announce/2017/msg00333.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4070
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-security-announce/2017/msg00333.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4070
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2437Records found

CVE-2018-11357
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.02% / 83.00%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 21:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20698
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.94%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 05:15
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus (ClamAV) Denial of Service Vulnerability

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Action-Not Available
Vendor-Canonical Ltd.ClamAVCisco Systems, Inc.Debian GNU/Linux
Product-ubuntu_linuxclamavdebian_linuxClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-1060
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.23% / 78.31%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Python Software FoundationDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoraenterprise_linux_desktoppythonansible_towerpython
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1061
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 76.37%
||
7 Day CHG-0.35%
Published-19 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Python Software FoundationDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoraenterprise_linux_desktoppythonansible_towerpython
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1000168
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.08% / 88.09%
||
7 Day CHG~0.00%
Published-08 May, 2018 | 15:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.

Action-Not Available
Vendor-nghttp2n/aNode.js (OpenJS Foundation)Debian GNU/Linux
Product-debian_linuxnode.jsnghttp2n/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-7691
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7558
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.43% / 79.85%
||
7 Day CHG+0.22%
Published-20 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe GNOME Project
Product-debian_linuxlibrsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7692
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.32% / 90.58%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-oncommand_unified_managerlinuxoncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapenterprise_linux_server_eusdebian_linuxenterprise_linux_serverntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5726
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.25%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

Action-Not Available
Vendor-botan_projectn/aDebian GNU/Linux
Product-debian_linuxbotann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5230
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.55%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:32
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.

Action-Not Available
Vendor-powerdnsPowerDNSDebian GNU/Linux
Product-debian_linuxauthoritativePowerDNS Authoritative Server
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5194
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-11.83% / 93.46%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.SUSERed Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_workstationfedoralinux_enterprise_serveropenstack_cloudenterprise_linux_serverdebian_linuxmanager_proxylinux_enterprise_debuginfoenterprise_linux_hpc_nodeubuntu_linuxntpmanagern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5195
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-10.40% / 92.91%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Fedora Project
Product-enterprise_linux_desktopenterprise_linux_workstationfedoraenterprise_linux_serverdebian_linuxenterprise_linux_hpc_nodeubuntu_linuxntpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9262
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.30%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9259
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9762
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.68%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.

Action-Not Available
Vendor-enlightenmentn/aDebian GNU/Linux
Product-debian_linuximlib2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9764
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.61% / 80.99%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.

Action-Not Available
Vendor-enlightenmentn/aDebian GNU/Linux
Product-debian_linuximlib2n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7815
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.85% / 87.72%
||
7 Day CHG~0.00%
Published-14 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Action-Not Available
Vendor-n/aSUSEQEMURed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausqemulinux_enterprise_serverenterprise_linux_eusenterprise_linux_desktopubuntu_linuxenterprise_linux_workstationlinux_enterprise_desktopdebian_linuxvirtualizationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3710
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.49% / 88.67%
||
7 Day CHG~0.00%
Published-05 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Action-Not Available
Vendor-n/aThe PHP GroupDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxphpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-4617
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.03% / 91.75%
||
7 Day CHG~0.00%
Published-25 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

Action-Not Available
Vendor-gnupgn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxgnupgopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3589
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-25 Aug, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Action-Not Available
Vendor-n/aPython Software FoundationDebian GNU/LinuxopenSUSE
Product-opensusepillowpython-imagingn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10077
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.35%
||
7 Day CHG-0.03%
Published-06 Nov, 2018 | 16:00
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Action-Not Available
Vendor-i18n_projectn/aDebian GNU/Linux
Product-i18ndebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14598
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 77.39%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-debian_linuxlibx11fedoraubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14369
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.32%
||
7 Day CHG~0.00%
Published-19 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-wiresharkdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25275
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.64% / 88.87%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 16:19
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxDovecot
Product-debian_linuxfedoradovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9022
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.54%
||
7 Day CHG~0.00%
Published-08 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxstrongswandebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7747
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.04% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6469
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.15%
||
7 Day CHG~0.00%
Published-04 Mar, 2017 | 03:38
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6471
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.15%
||
7 Day CHG~0.00%
Published-04 Mar, 2017 | 03:38
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6468
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.15%
||
7 Day CHG~0.00%
Published-04 Mar, 2017 | 03:38
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2669
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-7.13% / 91.17%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 13:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.

Action-Not Available
Vendor-[UNKNOWN]Debian GNU/LinuxDovecot
Product-debian_linuxdovecotdovecot
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15503
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.53%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 00:00
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.

Action-Not Available
Vendor-librawn/aDebian GNU/LinuxFedora Project
Product-librawdebian_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7704
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.09% / 97.87%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxRed Hat, Inc.Citrix (Cloud Software Group, Inc.)McAfee, LLCNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_managerenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_server_tusenterprise_linux_workstationclustered_data_ontapxenserverenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_security_managerntpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1382
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.21% / 83.78%
||
7 Day CHG~0.00%
Published-03 Feb, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.

Action-Not Available
Vendor-privoxyn/aDebian GNU/LinuxopenSUSE
Product-debian_linuxprivoxyopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4078
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.43% / 79.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxopenSUSE
Product-wiresharkdebian_linuxopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20273
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.60%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 13:11
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.

Action-Not Available
Vendor-privoxyn/aDebian GNU/Linux
Product-privoxydebian_linuxprivoxy
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9430
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 22:06
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/LinuxFedora ProjectopenSUSE
Product-wiresharkdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-36332
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 16:21
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

Action-Not Available
Vendor-webmprojectn/aRed Hat, Inc.NetApp, Inc.Debian GNU/Linux
Product-ontap_select_deploy_administration_utilitylibwebpdebian_linuxenterprise_linuxlibwebp
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2017-13704
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-79.32% / 99.04%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Action-Not Available
Vendor-thekelleysn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Fedora ProjectNovell
Product-enterprise_linux_desktopenterprise_linux_workstationfedoradnsmasqleapdebian_linuxenterprise_linux_serverubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9578
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.47% / 87.08%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 21:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.

Action-Not Available
Vendor-spice_projectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationspiceenterprise_linux_desktopspice
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-20
Improper Input Validation
CVE-2017-16612
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.56% / 87.24%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-ubuntu_linuxdebian_linuxlibxcursorn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-9469
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.19% / 83.70%
||
7 Day CHG~0.00%
Published-07 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.

Action-Not Available
Vendor-irssin/aDebian GNU/Linux
Product-debian_linuxirssin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8820
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.34%
||
7 Day CHG~0.00%
Published-03 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

Action-Not Available
Vendor-tor_projectn/aDebian GNU/Linux
Product-tordebian_linuxTor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8821
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-1.00% / 76.06%
||
7 Day CHG~0.00%
Published-03 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.

Action-Not Available
Vendor-tor_projectn/aDebian GNU/Linux
Product-tordebian_linuxTor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9349
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.81% / 73.28%
||
7 Day CHG~0.00%
Published-02 Jun, 2017 | 05:04
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-9233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.20%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Action-Not Available
Vendor-libexpat_projectn/aDebian GNU/LinuxPython Software Foundation
Product-libexpatdebian_linuxpythonn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-8819
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.83%
||
7 Day CHG~0.00%
Published-03 Dec, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

Action-Not Available
Vendor-tor_projectn/aDebian GNU/Linux
Product-tordebian_linuxTor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9
CVE-2001-0457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.96%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2017-7867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 77.33%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 04:30
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.

Action-Not Available
Vendor-icu-projectn/aDebian GNU/Linux
Product-international_components_for_unicodedebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-7805
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-4.83% / 89.11%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-7651
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-19.29% / 95.14%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 14:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol.

Action-Not Available
Vendor-Debian GNU/LinuxEclipse Foundation AISBL
Product-mosquittodebian_linuxEclipse Mosquitto
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found