ALT-BU-2021-3726-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2021-00777
A vulnerability in the WavpackPackSamples function of the pack_utils.c component of the WavPack audio codec, caused by an operation exceeding the bounds of a data buffer, that allows an attacker to compromise data integrity and cause a denial of service
Modified: 2024-11-21
CVE-2020-35738
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
- https://github.com/dbry/WavPack/issues/91
- [debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update
- FEDORA-2021-5c83efb61c
- FEDORA-2021-2e2fc2eac6
- FEDORA-2021-de45e7bb88
- FEDORA-2021-b7826fcedf
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-30780
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
- https://github.com/lighttpd/lighttpd1.4
- https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
- https://podalirius.net/en/cves/2022-30780/
- https://redmine.lighttpd.net/issues/3059