CVE-2025-50681

Summary: CVE-2025-50681 affects igmpproxy 0.4 before commit 2b30c36, allowing remote attackers to cause a denial of service (application crash) by sending crafted IGMPv3 membership reports with a malicious source address. The root cause is insufficient validation in recv_igmp() in src/igmpproxy.c...

EUVD-2002-2164

Malware in sbrugna...

EUVD-2018-1115

Malware in sbrugna...

EUVD-2018-0988

Malware in sbrugna...

EUVD-2023-29413

Malicious code in bioql PyPI...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

CVE-2023-25458

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin = 2.0.3 versions...

CVE-2002-2264

Unspecified vulnerability in Internet Group Management Protocol IGMP of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the presence of data contention in sysctligmpqrv...

PT-2025-8871

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential issue in the Linux kernel has been identified, related to the igmp6 send function. This function can be called without the necessary synchronization, potentially leading to a...

PT-2024-9992 · Schneider Electric · Powerlogic

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic versions PM5320, PM5340, and PM5341 Description: An Uncontrolled Resource Consumption issue exists, potentially causing devices to become unresponsive and resulting in communication loss when a large amount of IG...

kernel: use-after-free in IPv4 IGMP

A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...

kernel: use-after-free in IPv4 IGMP

A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...

kernel: use-after-free in IPv4 IGMP

A race condition has been discovered in the Linux kernel's Internet Group Management Protocol IGMP implementation. This vulnerability may enable an attacker to provoke an application crash or potentially escalate privileges locally. By exploiting the race condition, an adversary could disrupt the...

CLSA-2024-1705494763 kernel: Fix of 13 CVEs

Bluetooth: L2CAP: Fix use-after-free in l2capsockreadycb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: clsfw:...

Use-after-free in Linux kernel's ipv4: igmp component

...

The vulnerability of the igmp_start_timer() function in the net/ipv4/igmp.c module of the Linux operating system’s IGMP protocol implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, thereby increasing their privileges within the system.

The vulnerability of the igmpstarttimer function in the net/ipv4/igmp.c module, which is part of the IGMP protocol implementation in Linux kernel, relates to the reutilization of previously freed memory due to competitive access to resources i.e., during a “race condition”. Exploiting this...

DEBIAN-CVE-2023-6932

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past...

PT-2023-7938 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be...

PT-2023-8340 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a use-after-free problem in the implementation of the IGMPv2 protocol in the Linux kernel, specifically in the igmp start timer function in net/ipv4/igmp.c. Thi...