Astra Linux - уязвимость в wireshark

In Wireshark versions 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This issue was addressed in the plugin plugins/epan/wimax/msgdlmap.c by validating the length field...

PT-2026-36524

Name of the Vulnerable Software and Affected Versions Eprosima Micro-XREC-DDS Agent version 3.0.1 Description A remote attacker can cause a denial of service by sending a crafted packet to the MTU length field. Recommendations At the moment, there is no information about a newer version that...

Open-Vehicle-Monitoring-System-3 安全漏洞

Open-Vehicle-Monitoring-System-3 is an open source vehicle remote monitoring and diagnostic control system from Open Vehicles. A security vulnerability exists in Open-Vehicle-Monitoring-System-3 version 3.3.005, which stems from the length field of the GVRET binary data in canformatgvret.cpp not...

CVE-2025-63547

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field...

Micro XRCE-DDS Agent 安全漏洞

Micro XRCE-DDS Agent is an eProsima open source proxy bridging tool for resource constrained devices to communicate with the DDS world. A security vulnerability exists in Micro XRCE-DDS Agent version 3.0.1, which stems from the MTU length field in specially crafted packets and could lead to a...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

Linux Distros Unpatched Vulnerability : CVE-2026-31659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporarie...

CVE-2026-41429

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

CVE-2026-41429

CVE-2026-41429 affects the arduino-esp32 core (ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C6/ESP32-H2). The issue is a memory corruption in NBNS packet handling when NetBIOS is enabled via NBNS.begin(...); the code path listens on UDP port 137 and processes untrusted NBNS requests. The request parser...

EUVD-2026-25552

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

Red Hat Enterprise Linux 10 安全漏洞

Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. There is a security vulnerability in Red Hat Enterprise Linux 10. This vulnerability stems from the fact that the device path node resolver does not verify that the Length field ...

CVE-2026-40253

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

CVE-2020-37216

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SM2 decryption process due to improper validation of the encoded C3 hash field length prior to comparison. An attacker can cause a heap buffer over-read, potentially leading to a crash or other undefined...

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.2 contained a security vulnerability. This vulnerability stemmed from the unvalidated network read of the authlength field, which could trigger assertion failures. This could cau...

CVE-2026-23298

A flaw was found in the Linux kernel's CAN Controller Area Network ucan driver. This vulnerability allows a connected ucan device to send a message with a zero-length field. Such a message can trigger an infinite loop within the driver, causing the system to hang. This ultimately leads to a denia...

curl: SMB READ_ANDX DataOffset not validated

Summary: in smbrequeststate case SMBDOWNLOAD curl reads two server-controlled fields from a READANDX response and uses them to decide where in the receive buffer file data starts. c / lib/smb.c / len = Curlread16leconst unsigned char msg + sizeofstruct smbheader + 11; off = Curlread16leconst...