
21 matches found

SUSE CVE
added 2026/05/07 2:16 a.m. · 3 views

SUSE CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream. When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

7.5 CVSS · 5.7 AI score · 0.0005 EPSS
Exploits 0 · References 3
EUVD
added 2026/05/06 12:30 p.m. · 3 views

EUVD-2026-27815

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream. When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

5.7 AI score · 0.0005 EPSS
Exploits 0 · References 4
NVD
added 2026/05/06 12:16 p.m. · 4 views

CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream. When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1. Head...

7.5 CVSS · 0.0005 EPSS
Exploits 0 · References 3
CVE
added 2026/05/06 11:28 a.m. · 4 views

CVE-2026-43254

CVE-2026-43254: Linux kernel openvpn TCP stream handling corrected. Ovpn_tcp_recv now allocates a separate skb per packet and uses skb_copy_bits to copy only the packet payload, skipping the 2-byte length prefix; length checks guard allocation to prevent invalid skbs. This resolves header offset ...

7.5 CVSS · 5.7 AI score · 0.0005 EPSS
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2026/05/06 11:28 a.m. · 3 views

CVE-2026-43254

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream. When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1...

5.8 AI score · 0.0005 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m. · 3 views

PT-2026-37594

In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream. When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from strp_rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1...

5.7 AI score · 0.0005 EPSS
Exploits 0 · References 4
NVD
added 2026/03/20 4:16 a.m. · 1 views

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1 CVSS · 0.00062 EPSS
Exploits 1 · References 1
Github Security Blog
added 2026/03/17 5:48 p.m. · 2 views

Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

Summary: A Remote OOM (Out-of-Memory) vulnerability exists in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an attacker-controlled 4-byte length prefix to allocate memory, with ServerMaxMessageSize allowing single...

7.1 CVSS · 6 AI score · 0.00062 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2026/02/24 11:10 p.m. · 3 views

GO-2026-4511 Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake in github.com/ethereum/go-ethereum...

7.5 CVSS · 5.4 AI score · 0.00028 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/10/25 12:43 a.m. · 3 views

CVE-2025-61430

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs from actual packet len), and due to a...

6.5 CVSS · 6.7 AI score · 0.0005 EPSS
Exploits 0 · References 1
NVD
added 2025/10/24 3:15 p.m. · 1 views

CVE-2025-61430

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs from actual packet len), and due to a...

6.5 CVSS · 0.0005 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/24 12:0 a.m. · 5 views

CVE-2025-61430

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs from actual packet len), and due to a...

0.0005 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/10/24 12:0 a.m. · 2 views

PT-2025-43636

Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs from actual packet len), and due to a...

6.5 CVSS · 6.7 AI score · 0.0005 EPSS
Exploits 0 · References 3
CVE
added 2025/10/24 12:0 a.m. · 5 views

CVE-2025-61430

CVE-2025-61430 concerns Simple DNS Plus v9, where improper handling of DNS over TCP allows a remote attacker with querying access to cause the server to leak other clients’ DNS queries. The root cause is a malformed TCP length prefix (length differs from the packet) and a concurrency/buffering is...

6.5 CVSS · 6.3 AI score · 0.0005 EPSS
Exploits 0 · References 2
RustSec
added 2024/08/23 12:0 p.m. · 2 views

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level (Archive link for posterity). Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

8.5 AI score
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/08/23 12:0 a.m. · 1 views

PT-2024-40918 · Diesel · Diesel

Name of the Vulnerable Software and Affected Versions: Diesel versions = 2.2.2 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server interpreting...

8.5 AI score
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:32 a.m. · 1 views

SUSE CVE-2014-0044

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array...

5 CVSS · 7 AI score · 0.00734 EPSS
Exploits 1 · References 3
OSV
added 2014/02/08 12:55 a.m. · 2 views

DEBIAN-CVE-2014-0044

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array...

5 CVSS · 6.5 AI score · 0.00734 EPSS
Exploits 1 · References 1
OSV
added 2014/02/08 12:55 a.m. · 0 views

UBUNTU-CVE-2014-0044

The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array...

5 CVSS · 6 AI score · 0.00734 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2006/12/14 8:28 p.m. · 1 views

CVE-2006-6222

Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0MP7, 5.1 before 5.1MP6, and 6.0 before 6.0MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix...

10 CVSS · 6.3 AI score · 0.39126 EPSS
Exploits 0 · References 12