A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CWE-787
CVE-2021-43299
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled ‘filename’ argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
CVE-2021-43300
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled ‘filename’ argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
CVE-2021-43301
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled ‘file_names’ argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
CVE-2021-43174
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.
CVE-2021-43071
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.