CVE Vulnerability

CWE-770

CVE-2022-32206

by

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.

CVE-2022-3212

by

::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String

CVE-2022-32037

by

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.

CVE-2022-32039

by

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.

CVE-2022-32040

by

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.

CVE-2022-32041

by

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.