FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2be7c122-0614-11db-9156-000e0c2e438a	hashcash -- heap overflow vulnerability Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "array_push()" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from the command line, this only applies when the application is configured to allow command line options, or by passing a lot of resource names when the application was started with the "-m" flag set. This could lead to a Denial or Service or could allow remote access to the targeted system. Discovery 2006-06-27 Entry 2006-06-27 hashcash < 1.22 http://secunia.com/advisories/20800/ http://www.hashcash.org/source/CHANGELOG
5ebfe901-a3cb-11d9-b248-000854d03344	hashcash -- format string vulnerability A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address. Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code. Discovery 2005-03-06 Entry 2005-04-02 Modified 2005-04-03 hashcash < 1.17 CVE-2005-0687 http://www.gentoo.org/security/en/glsa/glsa-200503-12.xml

VuXML ID

Description

2be7c122-0614-11db-9156-000e0c2e438a

hashcash -- heap overflow vulnerability

Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "array_push()" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from the command line, this only applies when the application is configured to allow command line options, or by passing a lot of resource names when the application was started with the "-m" flag set. This could lead to a Denial or Service or could allow remote access to the targeted system.

Discovery 2006-06-27
Entry 2006-06-27
hashcash

< 1.22

http://secunia.com/advisories/20800/
http://www.hashcash.org/source/CHANGELOG

5ebfe901-a3cb-11d9-b248-000854d03344

hashcash -- format string vulnerability

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address.

Successful exploitation would permit an attacker to disrupt Hashcash users, and potentially execute arbitrary code.

Discovery 2005-03-06
Entry 2005-04-02
Modified 2005-04-03
hashcash

< 1.17

CVE-2005-0687
http://www.gentoo.org/security/en/glsa/glsa-200503-12.xml