CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.

@@ -1465,7 +1465,7 @@ static int r\_cmd\_java\_call(void \*user, const char \*input) {

if (input\[4\] != ' ') {

return r\_cmd\_java\_handle\_help (core, input);

}

for (; i < END\_CMDS; i++) {

for (; i < END\_CMDS - 1; i++) {

//IFDBG r\_cons\_printf ("Checking cmd: %s %d %s\\n", JAVA\_CMDS\[i\].name, JAVA\_CMDS\[i\].name\_len, p);

IFDBG r\_cons\_printf ("Checking cmd: %s %d\\n", JAVA\_CMDS\[i\].name,

strncmp (input+5, JAVA\_CMDS\[i\].name, JAVA\_CMDS\[i\].name\_len));

Headline

CVE-2020-27793: Fix unmatched array length in core_java.c (issue #16304) (#16313) · radareorg/radare2@ced0223

CVE: Latest News