CVE-2022-31783: Prevent an invalid memory writes in compileRule · liblouis/liblouis@ff747ec

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.


@@ -3736,12 +3736,14 @@ compileRule(FileInfo *file, TranslationTableHeader **table,
case CTO_SeqAfterExpression: if (!getRuleCharsText(file, &ruleChars)) return 0; for ((*table)->seqAfterExpressionLength = 0; (*table)->seqAfterExpressionLength < ruleChars.length; (*table)->seqAfterExpressionLength++) (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = ruleChars.chars[(*table)->seqAfterExpressionLength]; (*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0; if ((ruleChars.length + 1) > SEQPATTERNSIZE) { compileError(file, "More than %d characters", SEQPATTERNSIZE); return 0; } for (int k = 0; k < ruleChars.length; k++) (*table)->seqAfterExpression[k] = ruleChars.chars[k]; (*table)->seqAfterExpression[ruleChars.length] = 0; (*table)->seqAfterExpressionLength = ruleChars.length; return 1;
case CTO_CapsModeChars:
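Review bot: the message in the new bounds check in the CTO_SeqAfterExpression case, compileError(file, "More than %d characters", SEQPATTERNSIZE), states the buffer size rather than the real character limit. The condition (ruleChars.length + 1) > SEQPATTERNSIZE reserves one slot for the terminating 0, so the largest accepted input is SEQPATTERNSIZE - 1 characters, and a rule of exactly SEQPATTERNSIZE characters is rejected with a message saying it has "more than" SEQPATTERNSIZE. Suggest passing SEQPATTERNSIZE - 1 to the format string so the diagnostic matches the check. Two smaller points: the copy loop declares int k and compares it with ruleChars.length, so if that field is an unsigned type the index should use the same type to avoid a signed/unsigned comparison; and a regression test with an over-long seqafterexpression rule, run through lou_trace, would keep this check from being lost in a later refactor.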

Related news

Gentoo Linux Security Advisory 202301-06

Gentoo Linux Security Advisory 202301-6 - Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service. Versions less than 3.22.0 are affected.

Ubuntu Security Notice USN-5476-1

Ubuntu Security Notice 5476-1 - Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
