Google protobuf buffer error vulnerability

Out-of-bounds memory write

Google protobuf is a data exchange format developed by Google. A buffer error vulnerability exists in Google protobuf. A remote attacker could exploit this vulnerability to execute code.

Google Guava Code Issue Vulnerability

Resource allocation without limits or adjustments

Google Guava is Google's core Java library, including a graph library, functional types, I/O and string processing. A code issue vulnerability exists in Google Guava versions 11.0 through 24.1.1 (excluding 24.1.1). The vulnerability stems from improper design or implementation problems in the code development process of network systems or products.

Google Guava Access Control Error Vulnerability

Incorrect permission grant for critical resource

Google Guava is Google's core Java library, including a graph library, functional types, I/O and string processing. There is an access control error vulnerability in Guava before version 30.0. The vulnerability stems from a temporary directory creation flaw in Guava, which allows an attacker with access to the machine to potentially access data in the temporary directory created by Guava's com.google.common.io.Files.createTempDir(). An attacker could exploit this vulnerability to access special directories.

Google protobuf security vulnerability

Incorrect sequence of actions

Google protobuf is a data exchange format developed by Google. There is a security vulnerability in protobuf-java that allows a small malicious payload to tie up the parser for several minutes by creating a large number of short-lived objects, causing frequent, repeated pauses.

com.fasterxml.jackson.core:jackson-core has a resource management error vulnerability

Resource management error

com.fasterxml.jackson.core:jackson-core is the core Jackson abstraction, the basic JSON streaming API implementation. Affected versions of this package are vulnerable to a Denial of Service (DoS) attack. If a REST endpoint accepts a POST request with JSON or XML data and the data is invalid, the first unrecognized token is printed to server.log. If the first token is a word of length 10MB, the entire word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.

Jackson-core OOM problem when handling the BigDecimal type

Resource management error

com.fasterxml.jackson.core:jackson-core is the core Jackson abstraction, the basic JSON streaming API implementation. Affected versions of this package are prone to OOM when dealing with BigDecimal types, resulting in denial of service (DoS).
