Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-0739

Summary
Assigner-openssl
Assigner Org ID-3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At-27 Mar, 2018 | 21:00
Updated At-16 Sep, 2024 | 22:35
Rejected At-
Credits

Constructed ASN.1 types with a recursive definition could exceed the stack

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:openssl
Assigner Org ID:3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At:27 Mar, 2018 | 21:00
Updated At:16 Sep, 2024 | 22:35
Rejected At:
â–¼CVE Numbering Authority (CNA)
Constructed ASN.1 types with a recursive definition could exceed the stack

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Affected Products
Vendor
OpenSSLOpenSSL
Product
OpenSSL
Versions
Affected
  • Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)
  • Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)
Problem Types
TypeCWE IDDescription
textN/AStack overflow
Type: text
CWE ID: N/A
Description: Stack overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
url:
https://www.openssl.org/policies/secpolicy.html#Moderate
lang:
eng
value:
Moderate
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
OSS-fuzz
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/3611-2/
vendor-advisory
x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4158
vendor-advisory
x_refsource_DEBIAN
https://security.gentoo.org/glsa/201811-21
vendor-advisory
x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:0367
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4157
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/103518
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1040576
vdb-entry
x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:3221
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/105609
vdb-entry
x_refsource_BID
https://usn.ubuntu.com/3611-1/
vendor-advisory
x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
mailing-list
x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0366
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3090
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1711
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1712
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20180726-0002/
x_refsource_CONFIRM
https://security.gentoo.org/glsa/202007-53
vendor-advisory
x_refsource_GENTOO
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.tenable.com/security/tns-2018-07
x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04
x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-06
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180330-0002/
x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txt
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/3611-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.debian.org/security/2018/dsa-4158
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://security.gentoo.org/glsa/201811-21
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0367
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2018/dsa-4157
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3505
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/103518
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1040576
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3221
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/105609
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://usn.ubuntu.com/3611-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0366
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3090
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1711
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1712
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20180726-0002/
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/202007-53
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://securityadvisories.paloaltonetworks.com/Home/Detail/133
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.tenable.com/security/tns-2018-07
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.tenable.com/security/tns-2018-04
Resource:
x_refsource_CONFIRM
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Resource:
x_refsource_CONFIRM
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
Resource:
x_refsource_CONFIRM
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.tenable.com/security/tns-2018-06
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.netapp.com/advisory/ntap-20180330-0002/
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.openssl.org/news/secadv/20180327.txt
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/3611-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.debian.org/security/2018/dsa-4158
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://security.gentoo.org/glsa/201811-21
vendor-advisory
x_refsource_GENTOO
x_transferred
https://access.redhat.com/errata/RHSA-2019:0367
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2018/dsa-4157
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2018:3505
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/103518
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1040576
vdb-entry
x_refsource_SECTRACK
x_transferred
https://access.redhat.com/errata/RHSA-2018:3221
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/105609
vdb-entry
x_refsource_BID
x_transferred
https://usn.ubuntu.com/3611-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
mailing-list
x_refsource_MLIST
x_transferred
https://access.redhat.com/errata/RHSA-2019:0366
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:3090
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:1711
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:1712
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
x_refsource_MISC
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20180726-0002/
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/202007-53
vendor-advisory
x_refsource_GENTOO
x_transferred
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
x_refsource_CONFIRM
x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
x_transferred
https://www.tenable.com/security/tns-2018-07
x_refsource_CONFIRM
x_transferred
https://www.tenable.com/security/tns-2018-04
x_refsource_CONFIRM
x_transferred
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
x_refsource_CONFIRM
x_transferred
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
x_refsource_CONFIRM
x_transferred
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
x_refsource_CONFIRM
x_transferred
https://www.tenable.com/security/tns-2018-06
x_refsource_CONFIRM
x_transferred
https://security.netapp.com/advisory/ntap-20180330-0002/
x_refsource_CONFIRM
x_transferred
https://www.openssl.org/news/secadv/20180327.txt
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/3611-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4158
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201811-21
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0367
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4157
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3505
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103518
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040576
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3221
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/105609
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://usn.ubuntu.com/3611-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0366
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3090
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1711
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1712
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20180726-0002/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202007-53
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://securityadvisories.paloaltonetworks.com/Home/Detail/133
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2018-07
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2018-04
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2018-06
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20180330-0002/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.openssl.org/news/secadv/20180327.txt
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:openssl-security@openssl.org
Published At:27 Mar, 2018 | 21:29
Updated At:07 Nov, 2023 | 02:51

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
OpenSSL
openssl
>>openssl>>Versions from 1.0.2b(inclusive) to 1.0.2n(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>Versions from 1.1.0(inclusive) to 1.1.0g(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlopenssl-security@openssl.org
Patch
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlopenssl-security@openssl.org
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlopenssl-security@openssl.org
N/A
http://www.securityfocus.com/bid/103518openssl-security@openssl.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/105609openssl-security@openssl.org
N/A
http://www.securitytracker.com/id/1040576openssl-security@openssl.org
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3090openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2018:3221openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2018:3505openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2019:0366openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2019:0367openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2019:1711openssl-security@openssl.org
N/A
https://access.redhat.com/errata/RHSA-2019:1712openssl-security@openssl.org
N/A
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33openssl-security@openssl.org
N/A
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220dopenssl-security@openssl.org
N/A
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.htmlopenssl-security@openssl.org
Third Party Advisory
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/openssl-security@openssl.org
N/A
https://security.gentoo.org/glsa/201811-21openssl-security@openssl.org
N/A
https://security.gentoo.org/glsa/202007-53openssl-security@openssl.org
N/A
https://security.netapp.com/advisory/ntap-20180330-0002/openssl-security@openssl.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180726-0002/openssl-security@openssl.org
N/A
https://securityadvisories.paloaltonetworks.com/Home/Detail/133openssl-security@openssl.org
N/A
https://usn.ubuntu.com/3611-1/openssl-security@openssl.org
Third Party Advisory
https://usn.ubuntu.com/3611-2/openssl-security@openssl.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4157openssl-security@openssl.org
Third Party Advisory
https://www.debian.org/security/2018/dsa-4158openssl-security@openssl.org
Third Party Advisory
https://www.openssl.org/news/secadv/20180327.txtopenssl-security@openssl.org
Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlopenssl-security@openssl.org
N/A
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlopenssl-security@openssl.org
N/A
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlopenssl-security@openssl.org
N/A
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlopenssl-security@openssl.org
N/A
https://www.tenable.com/security/tns-2018-04openssl-security@openssl.org
N/A
https://www.tenable.com/security/tns-2018-06openssl-security@openssl.org
N/A
https://www.tenable.com/security/tns-2018-07openssl-security@openssl.org
N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: openssl-security@openssl.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/103518
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/105609
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1040576
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3090
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3221
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2018:3505
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0366
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:0367
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1711
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:1712
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201811-21
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202007-53
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20180330-0002/
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20180726-0002/
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://securityadvisories.paloaltonetworks.com/Home/Detail/133
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/3611-1/
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/3611-2/
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4157
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2018/dsa-4158
Source: openssl-security@openssl.org
Resource:
Third Party Advisory
Hyperlink: https://www.openssl.org/news/secadv/20180327.txt
Source: openssl-security@openssl.org
Resource:
Vendor Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2018-04
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2018-06
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2018-07
Source: openssl-security@openssl.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1084Records found
CVE-2018-6544
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.80%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 09:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-9071
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.28%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Action-Not Available
Vendor-n/aGNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxhci_management_nodesolidfirebinutilsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-25313
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.84%
||
7 Day CHG-0.02%
Published-18 Feb, 2022 | 04:23
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Action-Not Available
Vendor-libexpat_projectn/aOracle CorporationDebian GNU/LinuxFedora ProjectSiemens AG
Product-zfs_storage_appliance_kitsinema_remote_connect_serverlibexpatfedoradebian_linuxhttp_servern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2007-3409
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-18.03% / 95.33%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

Action-Not Available
Vendor-net-dnsn/aCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxnet\n/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-17450
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.08% / 78.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 16:21
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUopenSUSE
Product-ubuntu_linuxbinutilsleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15144
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 71.28%
||
7 Day CHG~0.00%
Published-18 Aug, 2019 | 18:30
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

Action-Not Available
Vendor-djvulibre_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-djvulibreubuntu_linuxdebian_linuxfedoraleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12213
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 56.52%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 15:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

Action-Not Available
Vendor-freeimage_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-freeimageubuntu_linuxdebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-30974
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 00:00
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectArtifex Software Inc.
Product-mujsdebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-45105
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-74.02% / 98.85%
||
7 Day CHG~0.00%
Published-18 Dec, 2021 | 11:55
Updated-29 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.The Apache Software FoundationSonicWall Inc.Debian GNU/Linux
Product-6bk1602-0aa12-0tp0_firmwarebusiness_intelligenceenterprise_manager_for_peoplesoftcommunications_performance_intelligence_centerfinancial_services_analytical_applications_infrastructurecommunications_eagle_ftp_table_base_retrievalsiebel_ui_framework6bk1602-0aa42-0tp0_firmwareenterprise_manager_base_platform6bk1602-0aa32-0tp0_firmwareweb_application_firewallcommunications_pricing_design_centerhealthcare_foundationweblogic_serverutilities_frameworkagile_engineering_data_management6bk1602-0aa52-0tp0communications_webrtc_session_controllerbanking_trade_financecommunications_interactive_session_recordercommunications_session_report_managercommunications_cloud_native_core_unified_data_repositoryretail_central_officecommunications_network_integritycommunications_cloud_native_core_consoleidentity_manager_connectorcommunications_cloud_native_core_security_edge_protection_proxycommunications_diameter_signaling_routerpayment_interfaceretail_customer_insightslog4jretail_returns_managementwebcenter_portalprimavera_p6_enterprise_project_portfolio_management6bk1602-0aa22-0tp06bk1602-0aa52-0tp0_firmwarebanking_enterprise_default_managementprimavera_unifierinsurance_insbridge_rating_and_underwritingbanking_party_managementcloud_managermanagement_cloud_engineretail_price_managementcommunications_eagle_element_management_systemcommunications_cloud_native_core_policyretail_order_brokerdebian_linuxcommunications_element_managercommunications_network_charging_and_controlretail_data_extractor_for_merchandisingjdeveloper6bk1602-0aa42-0tp0data_integratorhyperion_profitability_and_cost_managementagile_plmbanking_treasury_managementretail_financial_integrationinstantis_enterprisetrackinsurance_data_gatewayretail_invoice_matchingcommunications_messaging_serverbanking_deposits_and_lines_of_credit_servicingfinancial_services_model_management_and_governanceagile_plm_mcad_connectorcommunications_evolved_communications_application_serverwebcenter_sites6bk1602-0aa12-0tp06bk1602-0aa22-0tp0_firmwareautovue_for_agile_product_lifecycle_managementbanking_loans_servicingcommunications_user_data_repositoryretail_merchandising_systembanking_paymentsflexcube_universal_bankinghyperion_infrastructure_technologye-business_suitehealth_sciences_informhyperion_data_relationship_managemententerprise_manager_ops_centerhospitality_token_proxy_servicecommunications_service_brokerhealthcare_translational_researchcommunications_unified_inventory_managementretail_order_management_systemcommunications_cloud_native_core_service_communication_proxyhealthcare_master_person_indexretail_integration_buscommunications_ip_service_activatorhyperion_tax_provisionretail_back_officecommunications_asaphyperion_bi\+retail_service_backbonecommunications_session_route_managercommunications_services_gatekeepernetwork_security_manageridentity_management_suitecommunications_cloud_native_core_network_repository_functionbanking_platformhealth_sciences_information_managermanaged_file_transfercommunications_cloud_native_core_network_function_cloud_native_environment6bk1602-0aa32-0tp0communications_convergent_charging_controllerretail_store_inventory_managementhyperion_planningpeoplesoft_enterprise_peopletoolstaleo_platformretail_predictive_application_serveremail_securitycommunications_convergencehealth_sciences_empirica_signalcommunications_billing_and_revenue_managementprimavera_gatewayhospitality_suite8retail_point-of-serviceretail_eftlinkmysql_enterprise_monitorcommunications_cloud_native_core_network_slice_selection_functionsql_developerhealthcare_data_repositoryApache Log4j2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-1000019
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.80% / 83.26%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxlibarchiveopenSUSERed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlibarchiveenterprise_linux_workstationfedoraenterprise_linux_desktopleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-7176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 66.78%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7178
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 68.78%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.52%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:08
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2016-7424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-07 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.

Action-Not Available
Vendor-libavn/aDebian GNU/Linux
Product-debian_linuxlibavn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-7426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.68% / 93.86%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Red Hat, Inc.Hewlett Packard Enterprise (HPE)
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopntpenterprise_linux_server_eushpux-ntpenterprise_linux_server_ausn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-7180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 68.78%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-416
Use After Free
CVE-2018-19777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.52%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 09:00
Updated-12 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-45944
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.23% / 79.62%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 23:56
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxghostscriptn/a
CWE ID-CWE-416
Use After Free
CVE-2016-7177
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.56% / 68.78%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7179
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.68% / 72.12%
||
7 Day CHG~0.00%
Published-09 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-45930
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.91%
||
7 Day CHG-0.00%
Published-31 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect).

Action-Not Available
Vendor-qtn/aDebian GNU/LinuxFedora Project
Product-debian_linuxqtsvgfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45949
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 23:54
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxghostscriptn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45942
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 64.36%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxFedora Project
Product-openexrdebian_linuxfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6161
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 71.35%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxopenSUSE
Product-leaplibgddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-6132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.12% / 84.58%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxopenSUSE
Product-leaplibgddebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-6207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-8.72% / 92.70%
||
7 Day CHG~0.00%
Published-12 Aug, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.

Action-Not Available
Vendor-libgdn/aopenSUSEThe PHP GroupDebian GNU/Linux
Product-leaplibgddebian_linuxphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-6307
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-20.87% / 95.77%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-45343
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 53.73%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

Action-Not Available
Vendor-librecadn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibrecadn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-5315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.12%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLibTIFF
Product-debian_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-42715
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.23%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 00:00
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.

Action-Not Available
Vendor-nothingsn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxstb_image.hn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-43545
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 58.38%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:19
Updated-04 Aug, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Action-Not Available
Vendor-Debian GNU/LinuxMozilla Corporation
Product-firefoxthunderbirddebian_linuxfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-834
Excessive Iteration
CVE-2016-5241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 58.23%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

Action-Not Available
Vendor-n/aopenSUSEDebian GNU/LinuxGraphicsMagick
Product-leapdebian_linuxgraphicsmagickopensusen/a
CVE-2019-10018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.90%
||
7 Day CHG~0.00%
Published-24 Mar, 2019 | 23:10
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

Action-Not Available
Vendor-xpdfreadern/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxxpdfdebian_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-1000020
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.90% / 76.24%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxlibarchiveopenSUSERed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlibarchiveenterprise_linux_workstationfedoraenterprise_linux_desktopleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-1010069
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 51.37%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 13:47
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit commit 08aef597656d065e86075f3d53fda89765845eae.

Action-Not Available
Vendor-moinejfmoinejfDebian GNU/Linux
Product-debian_linuxabcm2psabcm2ps
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-5183
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-4.64% / 89.56%
||
7 Day CHG~0.00%
Published-21 Nov, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

Action-Not Available
Vendor-n/aApple Inc.openSUSEDebian GNU/Linux
Product-debian_linuxmac_os_xmac_os_x_servercupsopensusen/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-3933
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 67.75%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxFedora Project
Product-openexrdebian_linuxfedoraopenexr
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-3912
Matching Score-8
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-8
Assigner-Cloudflare, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.55% / 68.56%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 21:45
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OctoRPKI crashes when processing GZIP bomb returned via malicious repository

OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).

Action-Not Available
Vendor-Debian GNU/LinuxCloudflare, Inc.
Product-octorpkidebian_linuxoctorpki
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2008-3281
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 74.59%
||
7 Day CHG~0.00%
Published-27 Aug, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.libxml2 (XMLSoft)Red Hat, Inc.Debian GNU/LinuxVMware (Broadcom Inc.)Fedora Project
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationesxenterprise_linux_desktopiphone_ossafarifedoralibxml2n/a
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2018-9132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 65.10%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 08:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-5322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.56%
||
7 Day CHG~0.00%
Published-11 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLibTIFF
Product-debian_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-8976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 70.27%
||
7 Day CHG~0.00%
Published-25 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.

Action-Not Available
Vendor-n/aExiv2Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverexiv2debian_linuxenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11759
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.68% / 72.19%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 22:43
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.

Action-Not Available
Vendor-openexrn/aCanonical Ltd.Fedora ProjectDebian GNU/LinuxApple Inc.
Product-ubuntu_linuxitunesiphone_osdebian_linuxipadostvoswatchosfedoramac_os_xopenexricloudn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-7729
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 57.51%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.

Action-Not Available
Vendor-exempi_projectn/aCanonical Ltd.
Product-ubuntu_linuxexempin/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 61.12%
||
7 Day CHG~0.00%
Published-28 Feb, 2018 | 07:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-1672
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-18.97% / 95.48%
||
7 Day CHG~0.00%
Published-29 May, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Action-Not Available
Vendor-n/aCanonical Ltd.OpenSSL
Product-ubuntu_linuxopenssln/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-7872
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 71.77%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-37530
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.46%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 20:18
Updated-04 Aug, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

Action-Not Available
Vendor-fig2dev_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 64.29%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.

Action-Not Available
Vendor-exempi_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxexempidebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7726
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 66.42%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 17:00
Updated-10 Jul, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Action-Not Available
Vendor-gdraheimn/aRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxzziplibenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found