Security Vulnerabilities, CVEs, Published In September 2019 (Overflow)

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.

GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.

ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.

ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.

ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.

PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.

Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row.

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow