aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, the two entities that parse the HTTP can interpret the request differently, and this inconsistent interpretation can be used to poison other sockets. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as the backend. Because aiohttp treats any Transfer-Encoding value containing "chunked" as chunked, a value such as chunked123 can be passed as TE; the frontend entity ignores this header and parses Content-Length instead.

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to a memory leak in gf_mpd_parse_string at media_tools/mpd.c:75.

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.

Vim is an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low: user interaction is required, and a crash may not even happen in all situations. This issue has been addressed in commit `060623e`, which has been included in release version. There are no known workarounds for this vulnerability.

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL, which could lead to a double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.