netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

ROS-20260615-73-0041

The vulnerability of the yuvensurebuffer function in the RDP client FreeRDP is related to incorrect calculations of the size of the buffer allocated. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted NAL packets...

UBUNTU-CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

EUVD-2026-36436

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

CVE-2026-45416

Netty CVE-2026-45416 affects pre-4.1.135.Final and pre-4.2.15.Final versions. In SslClientHelloHandler.decode(), the 24-bit TLS handshake length is read and, if a ClientHello does not fit in the first record, Netty eagerly allocates ctx.alloc().buffer(handshakeLength). If maxClientHelloLength is ...

QEMU calc_image_hostmem Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu driver. Th...

UBUNTU-CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

CVE-2026-46305

The CVE relates to the Linux kernel staging area, specifically rtl8723bs os_dep code in rtw_cbuf_alloc. The bug occurs when kzalloc_flex() allocation fails and the code dereferences the resulting pointer unconditionally, leading to a NULL pointer dereference. The patch adds a guard to the allocat...

CVE-2026-44004

A flaw was found in vm2 before 3.11.0. Sandboxed code can call Buffer.alloc with arbitrary size to allocate on the host heap synchronously; vm2 timeout cannot interrupt the native C++ call, allowing a single request to exhaust host memory and crash the process. Fixed in 3.11.0. Mitigation Upgrade...

CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

CVE-2026-46272

The CVE-2026-46272 issue is a race in the Linux kernel CoreSight TMC ETR driver that occurs when sysfs and perf modes are enabled concurrently. A WARN_ON in tmc_etr_enable_hw() can trigger due to a race between the two critical regions (sysfs buffer allocation vs. hardware enablement). The fix ad...

SUSE CVE-2026-46188

In the Linux kernel, the following vulnerability has been resolved: octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a bo leak that occurs when the xedmabufinitobj function fails during allocation in the drm/xe...

Linux Distros Unpatched Vulnerability : CVE-2026-48690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the...

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is based on multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained a security vulnerability caused by integer overflow during the allocation of packet capture buffers,...

CVE-2026-48690

CVE-2026-48690 affects FastNetMon Community Edition up to v1.2.9. The issue is an integer overflow in the packet capture buffer allocation: allocate_buffer() computes memory_size_in_bytes as buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: A NULL cpubuffer was checked in ringbufferwakewaiters. On some machines, the number of listed CPUs may be larger than the actual CPUs that exist. The tracing subsystem allocates a per-CPU directory with access to the...

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...