Astra Linux - уязвимость в exim4

A use-after-free exists in Exim 4.96 through 4.98.1, which could allow users with command-line access to escalate their privileges...

Astra Linux - уязвимость в c-ares

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...

Astra Linux - уязвимость в golang-1.19

Calling any of the Parse functions in Go source code that contains //line directives with very large line numbers can lead to an infinite loop due to integer overflow...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: In the tty subsystem, for the ngsm module, a race condition occurred during the modification of the status line of a dead connection. The gsmcleanupmux function cleans up the GSM-related resources by closing all Data Link Control...

Astra Linux - уязвимость в librabbitmq

A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can cause a new line to be inserted into a spool header file, thereby indirectly allowing unauthenticated...

Astra Linux - уязвимость в pypy

Python versions prior to 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1, and 3.7.0 are vulnerable to catastrophic backtracking in the difflib.IS-LineJUNK method. An attacker could exploit this flaw to cause a denial of service. source-iocs-preserved const=ISLINEJUNK...

Astra Linux - уязвимость в wheel

A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...

Astra Linux - уязвимость в openexr

OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf31::LineCompositeTask::execute called from IlmThread31::NullThreadPoolProvider::addTask and IlmThread31::ThreadPool::addGlobalTask. NOTE: db217f2 may be inapplicable...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier versions, and 2.9.5 and earlier versions. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node...

Astra Linux - уязвимость в tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the use of the extractContigSamplesShifted8bits function, located at /libtiff/tools/tiffcrop.c:3753...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. The redis-cli command-line tool and the redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This issue arises due to a vulnerability in the hiredis...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fixed NULL dereferencing in linedisprelease. linedisprelease currently retrieves the enclosing struct linedisp via tolinedisp. This retrieval depends on the attachment list, but the attachment may have...

Astra Linux - уязвимость в golang-1.19

The “//line” directive can be used to bypass the restrictions on the “//go:cgo” directives, allowing for the passing of blocked linker and compiler flags during compilation. This can lead to the execution of arbitrary code when running “go build”. The “//line” directive requires the absolute path...

Astra Linux - уязвимость в cups-filters

“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. In “cups-filters” before version 1.28.18, an attacker could create a PDF file with a high value for “MediaBox”, causing the “pdftoraster” tool in...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, during the parsing of a crafted XML file, performs incorrect memory handling, resulting in an over-reading of the heap-based buffer in the “normalize line endings” feature...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: - For tty: added an option to have tty reject a new ldisc. … And this option is used to limit the number of virtual terminals to just NTTY. These terminals are somewhat special; in particular, the “conwrite” routine violates t...

Astra Linux - уязвимость в php8.1, php7.3

In PHP versions starting from 8.1. up to 8.1.32, from 8.2. up to 8.2.28, from 8.3. up to 8.3.19, and from 8.4. up to 8.4.5, when user-supplied headers are sent, insufficient validation of line-end characters may prevent certain headers from being sent or may lead to misinterpretation of certain...

Astra Linux - уязвимость в pillow

A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the establishproxyconnection function. An attacker can corrupt stack memory by sending a specially crafted HTTP proxy response line of 1023 or more bytes without a newline terminator, potentially leading to...