CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-45686 OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

PT-2026-43310

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS PATH attribute encoder. In src/bgp protocol.hpp, the IPv4UnicastAnnounce::get attributes function computes attribute length as 'sizeofbgp as path segment element t + this-as path asns.size sizeofuint32 t' and...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

EUVD-2026-31498

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

CVE-2026-39824

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString a 16-bit number of bytes, it returns a truncated string rather than an error...

PT-2026-42829

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The NewNTUnicodeString function does not check for string length overflow. When provided with a string that exceeds the maximum size of a NTUnicodeString a 16-bi...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an unchecked string length overflow. This vulnerability may lead to the return of...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: block: fixed an overflow in blkioctldiscard. There is no check for an overflow of ‘start + len’ in blkioctldiscard. A hanging task may occur if a discard ioctl is submitted with the following parameters: start = 0x80000000000ff00...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. This function reads the namelength value directly from the input file without properly checking it. As a...

Astra Linux - уязвимость в nbd

In nbd-server in nbd before 3.24, there is an integer overflow that leads to a heap-based buffer overflow. A value of 0xffffffff in the name length field causes a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue occurs for the NBDOPTINFO,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Add a overflow check in sgxvalidateoffsetlength The sgxvalidateoffsetlength function verifies the "offset" and "length" arguments provided by the user space. However, there was a lack of an overflow check when these...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareInlinedata When running the following code on an ext4 filesystem with the inlinedata feature enabled, the following bug will occur: c fd = open"file1", ORDWR | OCREAT | OTRUNC, 0666;...

PT-2026-41791

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x Description An integer overflow exists in the memcached text protocol parser of OpenTelemetry eBPF Instrumentation OBI. When parsing memcached storage commands such as set, add,...

CVE-2026-42854

Summary: The Arduino-ESP32 core is affected by a stack overflow in the WebServer multipart boundary parser. A boundary derived from the HTTP header (Content-Type: multipart/form-data; boundary=...) with length > ~8000 can overflow the 8192-byte loopTask stack, potentially enabling remote code ...

CLSA-2026-1778602853 Fix CVE(s): CVE-2026-7598

SECURITY UPDATE: fix integer overflow in usernamelen bounds checks across userauthlist, userauthpassword and password change paths in src/userauth.c - debian/patches/CVE-2026-7598.patch: fix integer overflow in usernamelen bounds checks across userauthlist, userauthpassword and password change...

PT-2026-40311

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

CVE-2026-43368

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may...

CVE-2026-43368

The CVE-2026-43368 entry concerns the Linux kernel DRM/i915 component (GEM shmem objects). A overflow can occur in the unsigned int .length field of a scatterlist when a scatterlists table for a GEM shmem object of 4 GB or more is built from folio-allocated pages, causing the total byte length of...