Aggregates CVE and security vulnerability intelligence across all whoopsie_project-related products, including CVSS scores, EPSS scores, and publication dates.
Historical issues mainly involve buffer overflow, denial of service, integer handling, and related problems; some flaws may lead to memory corruption.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15570 | The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. | [email protected] | 5.5 | 0.31% | 2020-07-06 | 2024-11-21 |
| CVE-2020-12135 | bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input. | [email protected] | 5.5 | 0.35% | 2020-04-24 | 2024-11-21 |
| CVE-2019-11484 | Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | [email protected] | 6.3 | 0.14% | 2020-02-08 | 2024-11-21 |