In man2html 1.6g, a filename can be crafted to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is freed later on, which frees an arbitrary amount of memory.
CVE-2020-10735
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
python3.9-3.9.14-1.fc37
FEDORA-2022-6d57598a23
Packages in this update:
python3.9-3.9.14-1.fc37
Update description:
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.9-3.9.14-1.fc36
FEDORA-2022-46a44a7f83
Packages in this update:
python3.9-3.9.14-1.fc36
Update description:
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3-docs-3.10.7-1.fc35 python3.10-3.10.7-1.fc35
FEDORA-2022-ac82a548df
Packages in this update:
python3.10-3.10.7-1.fc35
python3-docs-3.10.7-1.fc35
Update description:
Update to 3.10.7
Contains security fix for CVE-2020-10735
python3.10-3.10.7-1.fc37
FEDORA-2022-f330bbfda2
Packages in this update:
python3.10-3.10.7-1.fc37
Update description:
Update to 3.10.7
Contains security fix for CVE-2020-10735
Don’t use custom installation schemes.
python3.8-3.8.14-1.fc37
FEDORA-2022-dd5032bedf
Packages in this update:
python3.8-3.8.14-1.fc37
Update description:
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.8-3.8.14-1.fc35
FEDORA-2022-29d436596f
Packages in this update:
python3.8-3.8.14-1.fc35
Update description:
Update to 3.8.14
Contains security fix for CVE-2020-10735
python3.8-3.8.14-1.fc36
FEDORA-2022-66b65beccb
Packages in this update:
python3.8-3.8.14-1.fc36
Update description:
Update to 3.8.14
Contains security fix for CVE-2020-10735
Trojan.Win32.Autoit.fhj / Named Pipe Null DACL
Posted by malvuln on Sep 08
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32.Autoit.fhj
Vulnerability: Named Pipe Null DACL
Family: Autoit
Type: PE32
MD5: d871836f77076eeed87eb0078c1911c7
Vuln ID: MVID-2022-0638
Disclosure: 09/06/2022
Description: The malware creates two processes…