Memcached 资源管理错误漏洞

Memcached is the United States Brad Fitzpatrick Brad Fitzpatrick individual developers of a high-performance distributed memory object caching system. The system reduces the number of database reads by caching data and objects in memory, thus increasing the speed of website access. A security...

PT-2023-4544 · Tp Link · Tapo L530 +5

Name of the Vulnerable Software and Affected Versions: TPLink Smart Bulb Tapo series L530 versions 1.0.0 through 1.1.9 TPLink Smart Bulb Tapo series L510E version 1.0.8 TPLink Smart Bulb Tapo series L630 version 1.0.3 TPLink Smart Bulb Tapo series P100 version 1.4.9 TPLink Smart Camera Tapo serie...

TP-LINK Smart bulb Tapo 安全漏洞

TP-LINK Smart bulb Tapo is a smart bulb from China P&L TP-LINK. A security vulnerability exists in TP-LINK Smart bulb Tapo, which stems from a vulnerability that allows a remote attacker to obtain sensitive information via authentication code in UDP messages...

kernel: remote DoS in TIPC kernel module

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization...

c-ares: 0-byte UDP payload Denial of Service

A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...

The vulnerability of the UDPv6 network protocol implementation in Linux operating systems allows attackers to cause service failures.

The vulnerability of the UDPv6 network protocol implementation in Linux operating systems is related to concurrent access to the dstentry structure during a race condition, due to the lack of synchronization in the sksetupcaps function within the net/core/sock.c module. Exploiting this...

c-ares: 0-byte UDP payload Denial of Service

A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...

PHOENIX CONTACT FL/TC MGUARD 输入验证错误漏洞

The PHOENIX CONTACT FL/TC MGUARD is a series of routers from PHOENIX Electric Germany. An input validation error vulnerability exists in the PHOENIX CONTACT FL/TC MGUARD that stems from a vulnerability that allows UDP packets to bypass filtering rules and access the uniquely connected device behi...

OESA-2023-1312 c-ares security update

This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a...

CVE-2023-32067

...

AZL-26921 CVE-2023-32067 affecting package grpc for versions less than 1.42.0-8

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

SUSE CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

kernel: remote DoS in TIPC kernel module

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization...

kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept.

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctludpl3mdevaccept. While reading sysctludpl3mdevaccept, it can be changed concurrently. Thus, we need to add READONCE to its reader...

kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept.

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctludpl3mdevaccept. While reading sysctludpl3mdevaccept, it can be changed concurrently. Thus, we need to add READONCE to its reader...

net-snmp: NULL Pointer Exception when handling pv6IpForwarding

A flaw was found in Net-SNMP. This issue occurs because the handleipv6IpForwarding in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP has a NULL Pointer Exception that could allow a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a denial of service...

CVE-2023-29552

The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor...

PT-2023-19805 · Riot-Os · Riot-Os

Name of the Vulnerable Software and Affected Versions: RIOT-OS versions prior to 2022.10 Description: The issue arises from a type confusion between IPv6 extension headers and a UDP header while encoding a 6LoWPAN IPHC header in the network stack. This type confusion results in an out of bounds...

UBUNTU-CVE-2023-29552

The Service Location Protocol SLP, RFC 2608 allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor...

CVE-2023-1133

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remote...