Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. A authenticated user can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. This issue exists in all versions of Redis that support L...

Astra Linux – Vulnerability in NTP

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...

Astra Linux – Vulnerability in alsa-lib

Versions of alsa-lib from 1.2.2 up to and including 1.2.15.2, prior to the release of 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...

Astra Linux – Vulnerability in Ruby 2.5

In the CGI gem before version 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. This method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumpti...

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.52, there was an out-of-bounds read vulnerability in libpng’s simplified API, allowing for reading of up to 10^12 bytes beyond the...

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread, when processing...

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. A specially crafted Lua script executed in Redis can trigger a heap overflow in the cjson library, leading to heap corruption and potentially remote code execution. This issue exists in all versions of Redis that support Lua scripting,...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerability in zziplib

The infinite loop in zziplib v0.13.69 allows remote attackers to cause a denial of service by using the return value “zzipfileread” in the function “unzzipcatfile”...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.51.0, the Zip implementation calls iteratorgetunchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...

Astra Linux – Vulnerability in libgit2

libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

Astra Linux – Vulnerability in opensc

OpenSC before version 0.20.0 has a double-free issue in coolkeyfreeprivatedata, because the coolkeyaddobject function in libopensc/card-coolkey.c lacks a uniqueness check...

Astra Linux – Vulnerability in golang-go.crypto

The x/crypto/ssh package in version 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to cause a panic in an SSH server...

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

The lookup function in xmlparse.c within Expat also known as libexpat has an integer overflow before version 2.4.3...

Astra Linux – Vulnerability in c-ares

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...