17 matches found
CVE-2026-45865
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "val" from the i2c bus driver. For i2c-aspeed and i2c-npcm7xx that is a stack uninitialised u8. Teste...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: mxser: fixed the xmit_buf leak in the ->activate function when LSR is 0xff. When LSR is 0xff in the ->activate function, we return an error. As long as the ->shutdown function is not called when ->activate fails, nothing actually frees...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987590 advisory. In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff. When LSR is 0xff in ->activate rather unlike,...
PT-2025-40683
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the Linux kernel related to out-of-bounds access during out-of-band (oob) write operations in rawnand brcmnand. Specifically, when the oob buffer length is not a multiple ...
frr: denial of service by crafting a BGP OPEN message with an option of type 0xff in bgp_open_option_parse in bgp_open.c
A vulnerability was found in FRRouting. The issue occurs in bgpd in FRRouting FRR. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart) or out-of-bounds read. This flaw is possible du...
FRRouting buffer error vulnerability
FRRouting is an open source network routing software suite from the FRRouting Project that runs on Unix-like platforms. FRRouting suffers from a buffer error vulnerability that originates from a denial of service that can be caused by crafting a BGP OPEN message with a 0xff type option...
SUSE CVE-2016-4417
Off-by-one error in epan/dissectors/packet-gsmabisoml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value...
PT-2022-6596 · Frrouting +3
Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.4 Description: An issue in the bgpd component of FRRouting allows attackers to cause a denial of service by crafting a BGP OPEN message with an option of type 0xff. This is due to inconsistent boundary checks in t...
GSD-2022-1001822 mxser: fix xmit_buf leak in activate when LSR == 0xff
mxser: fix xmit_buf leak in activate when LSR == 0xff. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
Design/Logic Flaw
Off-by-one error in epan/dissectors/packet-gsmabisoml.c in the GSM A-bis OML dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet that triggers a 0xff tag value...
UBUNTU-CVE-2016-2531
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different...
CVE-2016-2531
Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different...
linux/x86-64 - Encoded execve shellcode
/ Compile with: gcc -fno-stack-protector -z execstack This execve shellcode is encoded with 0xff and is for 64 bit linux. shell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 b9 ff ff ff ff ff movabs rcx,0xffffffffffffffff 400087: ff ff ff 40008a: 49 b8 ae b...
Linux 64 bit - Encoded execve shellcode
Linux 64 bit - Encoded execve shellcode. Shellcode exploit for linx86-64 platform / Compile with: gcc -fno-stack-protector -z execstack This execve shellcode is encoded with 0xff and is for 64 bit linux. shell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 b...
LHA 1.x Multiple extract_one Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10354/info LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. These issues are triggered in the...
UltraISO 9.3.3.2685 - CCD/IMG Universal Buffer Overflow
!/usr/bin/perl UltraISO = 9.3.3.2685 CCD/IMG Universal Buffer Overflow Exploit ---------------------------------------------------------------- Discovered and Exploited by SkD [email protected] A nice exploit for this software that was just recently patched after a few other discoveries in it...
linux/x86 execve /bin/sh IA32 0xff-less 45 bytes
No description provided by source. / 0xff-less execve /bin/sh by anathema [email protected] / include stdio.h include stdlib.h unsigned char code = / Linux/IA32 0xff-less execve shellcode. / "\x89\xe6" / movl %esp, %esi / "\x83\xc6\x30" / addl $0x30, %esi / "\xb8\x2e\x62\x69\x6e" / movl...