dev-libs

Security Bug Reports

• dev-libs/libcroco: multiple vulnerabilities (CVE-2017-{8834,8871})

  621258 - Assigned to Gentoo Security
• dev-libs/crypto++: vulnerable to private key recovery (CVE-2019-14318)

  702930 - Assigned to Gentoo Security
• dev-libs/cereal: Multiple vulnerabilities (CVE-2020-{11104,11105})

  715538 - Assigned to Gentoo Security
• <dev-libs/libsass-3.6.4: multiple vulnerabilities (CVE-2019-18798)

  742491 - Assigned to Gentoo Security
• dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362)

  761412 - Assigned to Gentoo Security
• <dev-libs/xerces-c-3.2.5: XML parser contains a use-after-free error triggered during the scanning of external DTDs

  770763 - Assigned to Gentoo Security
• dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})

  799785 - Assigned to Gentoo Security
• <dev-libs/botan-2.18.2: ElGamal plaintext recovery (CVE-2021-40529)

  811906 - Assigned to Gentoo Security
• <dev-libs/crypto++-8.6.0: ElGamal plaintext recovery (CVE-2021-40530)

  811915 - Assigned to Gentoo Security
• <dev-libs/tinyxml-2.6.2-r5: infinite loop (CVE-2021-42260)

  817863 - Assigned to Gentoo Security
• <dev-libs/libxls-1.6.3: null pointer dereferences

  821517 - Assigned to Gentoo Security
• <dev-libs/libbpf-0.7.0: multiple vulnerabilities

  830368 - Assigned to Gentoo Security
• <dev-libs/uriparser-0.9.6: multiple vulnerabilities

  830665 - Assigned to Gentoo Security
• dev-libs/stb: reachable assertion in stbi__create_png_image_raw

  836241 - Assigned to Gentoo Security
• <dev-libs/oniguruma-6.9.8: oss-fuzz issues fixed

  841893 - Assigned to Gentoo Security
• <dev-libs/icu-71.1-r1: Heap buffer overflow in V8 Internationalization

  843731 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.40: multiple vulnerabilities

  845195 - Assigned to Gentoo Security
• <dev-libs/botan-2.19.3: OCSP response falsification

  881529 - Assigned to Gentoo Security
• <dev-libs/capnproto-0.10.4: out-of-bounds read

  883777 - Assigned to Gentoo Security
• <dev-libs/apr-1.7.2, <dev-libs/apr-util-1.6.3: integer overflow/wraparound in apr_encode (CVE-2022-24963)

  893406 - Assigned to Gentoo Security
• <dev-libs/libtpms-0.9.6: Out-of-bounds access

  898504 - Assigned to Gentoo Security
• <dev-libs/confuse-3.3-r2: Heap buffer overflow

  901089 - Assigned to Gentoo Security
• <dev-libs/log4cxx-1.2.0[odbc]: SQL injection

  906115 - Assigned to Gentoo Security
• <dev-libs/iniparser-4.1-r1: null pointer dereference

  907928 - Assigned to Gentoo Security
• <dev-libs/libtommath-1.2.1: Integer overflow

  913880 - Assigned to Gentoo Security
• dev-libs/zziplib: invalid memory access

  918624 - Assigned to Gentoo Security
• dev-libs/stb: multiple vulnerabilities

  918679 - Assigned to Gentoo Security
• dev-libs/crypto++: multiple vulnerabilities

  920284 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.13, 3.1.5, 3.2.1}: multiple vulnerabilities

  921684 - Assigned to Gentoo Security
• dev-libs/modsecurity: WAF bypass

  923858 - Assigned to Gentoo Security
• <dev-libs/expat-2.6.0 quadratic runtime denial of service

  923951 - Assigned to Gentoo Security
• <dev-libs/botan-{2.19.4, 3.3.0}: Denial of service via ECC parameters

  925147 - Assigned to Gentoo Security
• <dev-libs/expat-2.6.2: vulnerable to billion laughs attacks with isolated use of external parsers

  926786 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.13-r1, 3.1.5-r2, 3.2.1-r2}: Unbounded memory growth with session handling in TLSv1.3

  930047 - Assigned to Gentoo Security
• <dev-libs/uriparser-0.9.8: multiple vulnerabilities

  931259 - Assigned to Sebastian Pipping
• <dev-libs/openssl-{3.0.14, 3.1.6, 3.2.2}: Checking excessively long DSA keys or parameters may be very slow

  932317 - Assigned to Gentoo Security
• <dev-libs/libbson-1.24.4-r1: bson_utf8_validate on some inputs leads to an infinite loop

  936109 - Assigned to Gentoo Security
• <dev-libs/apr-1.7.5: Unexpected lax shared memory permissions

  938542 - Assigned to Gentoo Security
• <dev-libs/expat-2.6.3: multiple vulnerabilities

  938894 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.15, 3.1.7, 3.2.3, 3.3.2}: denial of service

  939110 - Assigned to Gentoo Security
• <dev-libs/dotconf-1.4.1: Multiple vulnerabilities

  939831 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.15-r1, 3.1.7-r1, 3.2.3-r1, 3.3.2-r1}: Low-level invalid GF(2^m) parameters lead to OOB memory access

  941643 - Assigned to Gentoo Security
• <dev-libs/expat-2.6.4 - NULL pointer dereference through function XML_ResumeParser

  942969 - Assigned to Gentoo Security
• <dev-libs/opensc-0.26.0: Multiple vulnerabilities

  945083 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: Timing side-channel in ECDSA signature computation

  948515 - Assigned to Gentoo Security
• <dev-libs/libtasn1-4.20.0: Denial of service

  949497 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.1.8, 3.2.4, 3.3.3}: RFC7250 handshakes with unauthenticated servers don't abort as expected

  949620 - Assigned to Gentoo Security
• <dev-libs/libxslt-1.1.43: Multiple vulnerabilities

  951265 - Assigned to Gentoo Security
• <dev-libs/expat-2.7.0 can be crashed through long linear chains of entities

  951316 - Assigned to Gentoo Security
• dev-libs/olm: multiple vulnerabilities

  951441 - Assigned to Gentoo Security
• dev-libs/xmlrpc-c[-libxml2] uses vulnerable bundle of dev-libs/expat from many years ago

  952113 - Assigned to Gentoo Security
• <dev-libs/libtpms-0.10.1: Out-of-bound access in HMAC Signing

  957795 - Assigned to Gentoo Security
• <dev-libs/glib-2.82.1: Buffer overflow in set_connect_msg()

  958180 - Assigned to Gentoo Security
• <dev-libs/tinyxml2-11.0.0: Problem parsing character encodings

  958235 - Assigned to Gentoo Security
• <dev-libs/glib-2.82.5: Integer overflow in g_date_time_new_from_iso8601

  958287 - Assigned to Gentoo Security
• <dev-libs/glib-2.84.2: Buffer underflow via function g_string_insert_unichar

  958289 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.4.2, 3.5.1}: x509 tool has buggy -addreject option

  959654 - Assigned to Gentoo Security
• <dev-libs/glib-2.84.4: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()

  961874 - Assigned to Gentoo Security
• <dev-libs/libxml2-2.13.9: Multiple vulnerabilities

  962684 - Assigned to Gentoo Security
• <dev-libs/libpcre2-10.46: Out-of-bounds read with attacker-controlled regex pattern

  962686 - Assigned to Gentoo Security
• <dev-libs/expat-2.7.3: denial of service (large use of heap from small parse input)

  962963 - Assigned to Gentoo Security
• <dev-libs/openssl-{3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4}: Multiple vulnerabilities

  963644 - Assigned to Gentoo Security