203 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: s5pcec: limit msglen to CECMAXMSGSIZE I expect that the hardware will have limited this value to 16, but just in case it isn’t the case, check for this corner case...
EUVD-2026-27688
In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...
CVE-2026-43125
CVE-2026-43125 affects the Linux kernel dlm module. The vulnerability stems from unvalidated length in dlm_dump_rsb_name() coming from network messages, allowing an out-of-bounds write in dlm_search_rsb_tree() when the length exceeds DLM_RESNAME_MAXLEN. This could enable denial of service and, in...
ALPINE-CVE-2026-33846
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
CVE-2026-33846
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
EUVD-2026-26926
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
CVE-2026-33846
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
GnuTLS 安全漏洞
GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability, which stems from the mergehandshakepacket function in the DTLS handshake reassembly logic not verifying the...
OSV-2026-608 Stack-buffer-overflow in is_http
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504809218 Crash type: Stack-buffer-overflow READ Crash state: ishttp stungetmessagelenstr FuzzStunClient.c...
can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
...
CVE-2026-23307
A flaw was found in the Linux kernel's emsusb module. This vulnerability occurs because the system does not properly verify the length of messages it receives. An attacker could exploit this weakness by sending specially crafted messages, potentially causing the system to crash Denial of Service...
SUSE CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23307
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
CVE-2026-23307
CVE-2026-23307 concerns the Linux kernel CAN/EMS USB code, where ems_usb_read_bulk_callback() failed to validate message lengths, reading beyond buffers because actual_length can exceed the expected transfer_buffer_length, risking overflow when parsing messages. The root cause is insufficient len...
CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
In the Linux kernel, the following vulnerability has been resolved: can: emsusb: emsusbreadbulkcallback: check the proper length of a message When looking at the data in a USB urb, the actuallength is the size of the buffer passed to the driver, not the transferbufferlength which is set by the...
CVE-2026-23298
In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...
CVE-2022-50859
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...
SUSE CVE-2023-54314
In the Linux kernel, the following vulnerability has been resolved: media: af9005: Fix null-ptr-deref in af9005i2cxfer In af9005i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach af9005i2cxfer. If...