KC

Buffer overflow in Buffer_EscapeStringValidated due to inadequate UTF-8 length checks

1

## Description When Python calls `ujson.encode(...)`, execution descends into the C extension’s `Buffer_EscapeStringValidated ` function. In its “4-byte UTF-8” branch, the code incorrectly checks, but then immediately does: ```c memcpy(&in,...

Potential Buffer Over-read Risk in aubio_sampler_load

1

## Description There is a potential vulnerability in the `aubio_sampler_load` function(src/synth.sampler.c) related to how the input URI string is copied into the `o->uri buffer`. The code allocates memory based on...

## Description Initializing a `CountMinSketch` with a very large, valid `depth` can cause a crash. In the C extension’s initialization function (`CMS_VARIANT(_init)` in `cms_common.c`), the top‐level table pointer is allocated...

Crash on Large Width Initialization due to Unchecked calloc in C Extension

1

## Description Initializing a `CountMinSketch` object with a large, valid `width` can lead to crash. The root cause lies within the C extension's initialization function (likely named `CMS_VARIANT(_init)` or similar,...

Potential Security Vulnerabilities: Type Mismatch in PyArg_ParseTuple for Size Parameter

2

## Description: In `pygit2/src/odb_backend.c`, the C functions pgit_odb_backend_read and pgit_odb_backend_read_prefix are used as callbacks for libgit2's custom ODB backend mechanism. The code passes the function parameter sz (which is of...

## Description Initializing a `Matcher` (C extension) with a large, valid set of route patterns can lead to process crash or resource exhaustion. The root cause is in `Matcher_init` (in...

## Description Japronto’s HTTP parser (cffiparser.py) will accept a `Content-Length` or chunked payload of arbitrary size, copy the entire request body into a Python buffer, and then hand it off...