226 matches found

NVD
added 2 days ago, 6 views

CVE-2026-6686

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The...

4.6 CVSS, 0.00163 EPSS
Exploits: 2, References: 4
CVE
added 2 days ago, 8 views

CVE-2026-6686

FatFs CVE-2026-6686 affects FatFs R0.16 and earlier. The issue is an uninitialized cluster exposure when f_lseek() extends a file beyond EOF without zero-filling newly allocated clusters, mapping to CWE-908 (Use of Uninitialized Resource). The root cause is not zero-filling or initializing cluste...

4.6 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 2, References: 4, Affected Software: 1
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-6686

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The...

4.6 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 2, References: 5
EUVD
added 2 days ago, 5 views

EUVD-2026-40998

FatFs R0.16 and earlier contains an uninitialized cluster exposure when f_lseek extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 (Use of Uninitialized Resource). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (4.6, Medium). The...

4.6 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 2, References: 4
RedhatCVE
added 4 days ago, 5 views

CVE-2026-11972

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' (mode='r|'), the module does not properly handle the end-of-file (EOF) condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service (DoS) f...

8.2 CVSS, 5.7 AI score, 0.00433 EPSS
Exploits: 0, References: 6
EUVD
added 2026/06/24 12:30 a.m., 10 views

EUVD-2026-38630

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 4
NVD
added 2026/06/23 11:16 p.m., 11 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 0.00433 EPSS
Exploits: 0, References: 9
OSV
added 2026/06/23 11:16 p.m., 3 views

UBUNTU-CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 5
OSV
added 2026/06/23 10:2 p.m., 5 views

PSF-2026-31

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 9
Cvelist
added 2026/06/23 10:2 p.m., 37 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 0.00433 EPSS
Exploits: 0, References: 9
CVE
added 2026/06/23 10:2 p.m., 44 views

CVE-2026-11972

CVE-2026-11972: The Python tarfile module may loop indefinitely when parsing archives opened in streaming mode (mode="r|") due to improper EOF handling. Affects the tarfile parsing path and could cause high impact availability issues; the description confirms the root cause but the connected docu...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 9
Vulnrichment
added 2026/06/23 10:2 p.m., 6 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 9
ATTACKERKB
added 2026/06/23 10:2 p.m., 6 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 8
Positive Technologies
added 2026/06/23 12:0 a.m., 11 views

PT-2026-51603

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: The tarfile module fails to properly handle the End of File (EOF) when a file is opened in streaming mode (mode="r|"). This can lead to a situation where an archive is parsed in an infinite loop...

8.2 CVSS, 5.8 AI score, 0.00433 EPSS
Exploits: 0, References: 17
OSV
added 2026/06/19 8:46 p.m., 4 views

GHSA-VQ2F-VCC9-J8MV Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Impact: Given a malformed `{% case %}` tag without associated `{% when %}` or `{% else %}` block, and no terminating `{% endcase %}` tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches: The issue is fixed in...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in libxpm

A flaw was discovered in libXpm. This issue occurs when parsing a file with a comment that is not closed properly; the “end-of-file” condition will not be detected, leading to an infinite loop and causing a Denial of Service in the application that uses the library...

7.5 CVSS, 6.6 AI score, 0.01284 EPSS
Exploits: 2, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In blkdev_iomap_begin, the EOF check has been refined. - In blkdev_iomap_begin, the offset is rounded down to the logical block size before being stored in iomap->offset. It is also checked that the size remains within the inode...

5.5 CVSS, 5.7 AI score, 0.00207 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Golang-1.15

In Go, encoding/xml in versions before 1.15.9 and 1.16.x before 1.16.1 may lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...

7.5 CVSS, 7.4 AI score, 0.02543 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed the pre-flush behavior when appending to a file in writethrough mode. In netfs_perform_write, when the file is marked as NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC, write-through caching is performed on a buffered file...

7.8 CVSS, 6.2 AI score, 0.00204 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: Fixed the early read unlock of pages with an EOF condition in the middle. The collection of read results for buffered reads sometimes progresses ahead of the completion of subrequests under certain circumstances. This can ...

7.1 CVSS, 5.7 AI score, 0.00117 EPSS
Exploits: 0, References: 1