Questions: 0 | Answers: 0 | Accepted: 0 | Seed/Leech: 0.00
Recent Activity
CVE-2024-25062: A use-after-free vulnerability exists in libxml2 (≤ 2.11.6, < 2.12.5) when the XML Reader interface is used with DTD validation enabled on documents containing entity references. The b
A use-after-free vulnerability exists in libxml2 v2.11.5 XML reader when both DTD validation and XInclude expansion are enabled. During backtracking in the XML parsing state machine, nodes are freed a
CVE-2023-29469 is a vulnerability in libxml2's dictionary hashing function xmlDictComputeFastKey. When processing empty or non-null-terminated strings with namelen <= 0, the function fails to detect a
libxml2 v2.9.11 has a use-after-free vulnerability (CVE-2021-3518) in XInclude processing when handling recursive/nested includes. The XInclude context (xmlXIncludeCtxt) keeps a side-table of include
A use-after-free vulnerability exists in libxml2's XInclude processing, specifically in the xmlXIncludeAddNode function. When processing XInclude href attributes, the function builds a URI string and
In libxml2 v2.9.14, when XML contains entity reference cycles where entity content is < 5 characters, the parser corrupts the document's shared string dictionary (xmlDict). This is CVE-2022-40304. TW
CVE-2022-40304 in libxml2 v2.9.14: when crafted XML contains a cycle of internal entity references (e.g., <!ENTITY a "&b;"><!ENTITY b "&a;">), the parser's cycle-detection path mutates the entity's co
A logic bug in libxml2 v2.9.14 causes hash table (dictionary) corruption when crafted XML content triggers entity reference cycles combined with dictionary growth operations. The vulnerability occurs
CVE-2022-40303 in libxml2 v2.9.14: integer overflow during XML content parsing when XML_PARSE_HUGE is enabled. When parsing a text node larger than INT_MAX (~2.1 GB), the `int nbchar` variable in `xml
CVE-2023-0286 is a type confusion in OpenSSL's X.509 GeneralName handling. In crypto/x509/v3_genn.c, the ASN.1 template for GENERAL_NAME uses ASN1_SEQUENCE as the decode type for the x400Address field
OpenSSL 3.0.7 contains a type confusion vulnerability in the X.509 certificate validation code. When processing GENERAL_NAME structures in the Subject Alternative Name (SAN) extension, the code access
A heap buffer overflow in OpenSSL's SM2 decryption (CVE-2021-3711). The sm2_plaintext_size() function in crypto/sm2/sm2_crypt.c computes the required output buffer size using a FIXED overhead formula:
The OpenSSL SM2 decryption implementation contains a heap buffer overflow vulnerability in the plaintext size calculation. The sm2_plaintext_size() function attempts to calculate the plaintext length
OpenSSL 3.0.0–3.0.6 has a 4-byte stack buffer overflow in ossl_punycode_decode (crypto/punycode.c). When processing punycode-encoded email address name constraints in an X.509 certificate, the punycod
OpenSSL 3.0.0 through 3.0.6 contains a stack buffer overflow in the punycode decoder (ossl_punycode_decode function). An off-by-one error in the bounds check allows writing one extra unsigned int (4 b
In OpenSSL's BN_mod_sqrt() (crypto/bn/bn_sqrt.c), the Tonelli-Shanks algorithm implementation contains an infinite loop when the modulus 'p' is not actually prime. A crafted certificate with explicit
OpenSSL 1.1.1m and earlier contain a denial-of-service vulnerability (CVE-2022-0778) in BN_mod_sqrt() in crypto/bn/bn_sqrt.c. The function implements Tonelli–Shanks modular square root and is document
CVE-2022-0778 is a logic bug in OpenSSL's BN_mod_sqrt function that implements the Tonelli-Shanks algorithm for computing modular square roots. The vulnerability allows an attacker to cause an infinit
OpenSSL 1.0.1 through 1.0.1f contains CVE-2014-0160 (Heartbleed) in ssl/t1_lib.c:tls1_process_heartbeat (and ssl/d1_both.c:dtls1_process_heartbeat). The TLS heartbeat handler reads a 16-bit 'payload'
OpenSSL versions before 1.0.1g are vulnerable to the Heartbleed attack (CVE-2014-0160). The TLS heartbeat extension (RFC 6520) implementation in tls1_process_heartbeat reads a 2-byte payload length fi
Joined 4/1/2026