ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

EUVD-2026-31403

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

OVN 安全漏洞

OVN is an open-source data center virtualization platform based on virtual network technology. OVN has a security vulnerability that arises from the lack of verification of the total length of the IP header declaration and the actual packet buffer size when generating ICMP error responses. This c...

CVE-2026-31472

CVE-2026-31472 concerns the Linux kernel, specifically the xfrm/ IPTFS path. A crafted ESP packet with an inner IPv4 header can cause an infinite loop in __input_process_payload() if the inner header has tot_len=0 or malformed ihl. The fix adds validation to reject inner packets where tot_len &lt...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-50033)

In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...

DEBIAN-CVE-2024-50033

In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...

AZL-51153 CVE-2024-50033 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...

SUSE CVE-2020-17438

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an TCP...

PT-2021-6894 · Mentor Graphics +1 · Nucleus Net +10

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions prior to the fixed version SIMOTICS CONNECT 400 versions prior to V0.5.0.0 SIMOTICS CONNECT 40...

Contiki Buffer Error Vulnerability

Contiki is an open source cross-platform operating system for IoT Internet of Things devices. Contiki 3.0 suffers from a buffer error vulnerability that stems from an inability to validate the total length of incoming packets specified in its IP header as well as the segmentation offset value...

Code Execution Vulnerability in PHP7CMS Frontend

PHP7 content management system referred to as PHP7CMS by Chunjie studio using PHP7 technology newly developed content management program. A code execution vulnerability exists in the frontend of PHP7CMS. The vulnerability is due to the IP header of PHP7CMS is written to the log file without being...

Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability

The Cisco Aironet 1800 Series Access Point is a small to medium-sized wireless network access point product. The Cisco Aironet 1800 Series Access Point devices have a security vulnerability in the IP incoming packet processor due to the IP packet header not being properly input validated. It coul...