use-after-free in alist_add() in Vim < v9.1.0678
Date: 15.08.2024
Severity: Low
CVE: CVE-2024-43374
CWE: Use After Free (CWE-416)
When adding a new file to the argument list, this triggers `Buf*`
autocommands. If such an autocommand wipes the buff
Hanno Böck writes:
>My impression of OpenSSL is that it has a strong tendency to ship "bloat",
>i.e., features that either barely anyone needs, but that still get added (
>remember Heartbeat extension?), or that should've been deprecated long ago.
I think it's not so much the fault of OpenSSL pe
Affected product: Dovecot IMAP Server
Internal reference: DOV-6601
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or
Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vend
Affected product: Dovecot IMAP Server
Internal reference: DOV-6464
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or
Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vend
Pat Gunn wrote:
OpenSSL is an important and security-critical piece of software; it's
important that it be maintainable, analysable for security properties, and
that at runtime people don't have to worry about weird old code paths
leading to breaches or instability.
By all means minimize the
Hello,
I have no particular insight on the prevalence of TLS 1.0/1.1 these
days, but I want to make a more general comment.
My impression of OpenSSL is that it has a strong tendency to ship
"bloat", i.e., features that either barely anyone needs, but that still
get added (remember Heartbeat extens
