3782 matches found
CVE-2026-52954
A flaw was found in the Linux kernel's libceph component. A remote attacker could send a specially crafted CEPHMSGOSDMAP message containing a corrupted CRUSH map. If this map includes two crushchooseargmaps with identical indices, it triggers an assertion failure, leading to a kernel bug and a...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...
kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks
A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...
Astra Linux – Vulnerability in bind9
In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions of BIND 9 Supported Preview Edition such as 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1, as well as the release version 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the race condition between balance operations and cancel/pause requests. Syzbot reported a panic that appears as follows: Assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:4...
Astra Linux – Vulnerability in Redis
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command specifically, a SET command. NOTE: this issue was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have any safety guarantees related to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A flaw was discovered in the networking subsystem of the Linux kernel, particularly in the handling of the RPL protocol. This issue arises due to the improper handling of user-provided data, which can lead to an assertion failure. This could allow an unauthenticated remote attacker to create a...
Astra Linux – Vulnerability in libstb
stbimage.h also known as the stb image loader, version 2.23, as used in libsixel and other products, has an assertion failure in stbishiftsigned...
Astra Linux – Vulnerability in unbound
Unbound before version 1.9.5 allows assertion failures and denial of service in dnamepktcopy due to an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...
Astra Linux – Vulnerability in libde265
There is an assertion scalinglistpredmatrixiddelta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding the file. This can allow attackers to cause a Denial of Service DoS by running the application with a crafted file, or potentially causing unspecified other impacts...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, thereby triggering an assertion failure. The greatest threat of this vulnerability is to system availability...
Astra Linux – Vulnerability in Mariadb 10.3
There is an assertion failure in MariaDB Server v10.9 and below due to the condition 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a race condition between the async reclaim worker and closectree Syzbot reported an assertion failure due to an attempt to add a delayed iput after setting BTRFSFSSTATENODELAYEDIPUT in the fsinfo state: WARNING:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jbd2: The assertion “jh-bfrozendata == NULL” failed when the journal was aborted. The following process will fail the assertion “jh-bfrozendata == NULL” in jbd2journaldirtymetadata: jbd2journalcommitTransaction; unlinkdir/a; jh-b...
Astra Linux – Vulnerability in bind9
In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of the Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record that...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...
Astra Linux – Vulnerability in liblivemedia
In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...
kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks
A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...
Security update for glibc
This update for glibc fixes the following issues CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. CVE-2026-5928: libio: ungetwc could...