Lucene search
+L

440 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 8:13 p.m.20 views

zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-45026

Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.6 Description An unauthenticated host on the local link can send multicast mDNS responses with unique names to the DNSCache. async add function, causing records to accumulate in cache, expirations, expire heap,...

6.5CVSS6.1AI score0.00241EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.20 views

PT-2026-45024

Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.5 Description An unauthenticated host on the local link can degrade the mDNS listener by sending a specially crafted mDNS packet. The DNSIncoming. decode labels at offset function recurses for each DNS-name...

6.5CVSS6.1AI score0.0023EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2026/05/26 10:23 a.m.22 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00205EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 1:16 p.m.2 views

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS7AI score0.01047EPSS
Exploits0References13
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...

7.4CVSS6.3AI score0.00403EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in glibc

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...

5.9CVSS6.6AI score0.01439EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in glibc

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in the leakage of stack contents to the...

7.5CVSS7AI score0.00564EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in glibc

NSCD: Stack-based buffer overflow in netgroup cache If the fixed-size cache of the Name Service Cache Daemon nscd is exhausted due to client requests, then a subsequent client request for netgroup data may lead to a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cach...

8.1CVSS7.2AI score0.0131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 2:41 p.m.8 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00205EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.7 views

KB5087420: Windows 11 version 23H2 Security Update (May 2026)

The remote Windows host is missing security update 5087420. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Use after free in Windows Hyper-V allows an...

9.8CVSS7.2AI score0.02419EPSS
Exploits4References57
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.14 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from the extractname function being exploitable, leading to a heap buffer overflow. This allows attackers to inject fake DNS cache entries, potentially redirecting DNS queries to...

7.3CVSS6.1AI score0.00754EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

DNSmasq 安全漏洞

DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from a buffer overflow in the extractaddresses function. This vulnerability allows attackers to trigger heap-based out-of-bounds reads by exploiting malformed DNS responses, causing a...

7.3CVSS6AI score0.02683EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-38348

🟠 Hickory-DNS, CPU exhaustion due to On² name compression, CVE-2024-53618 Moderate https://t.co/cx7x7R6VZX...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/05 9:12 p.m.9 views

Inefficient Algorithmic Complexity

Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...

8.7CVSS5.8AI score0.00433EPSS
Exploits1References2
OSV
OSV
added 2026/05/03 9:57 a.m.20 views

OESA-2026-2171 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:56 a.m.19 views

OESA-2026-2170 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.8 views

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

7.8CVSS6AI score0.00136EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

D-Link DIR-825 缓冲区错误漏洞

The D-Link DIR-825 is a router produced by D-Link Corporation. The D-Link DIR-825 3.00b32 version has a buffer error vulnerability. This vulnerability stems from the operations of the NMBDprocess function in the sserver.c file of the nmbd component, which may lead to a buffer overflow...

8.8CVSS7.7AI score0.01871EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/25 1:52 a.m.7 views

[SECURITY] Fedora 44 Update: kea-3.0.3-1.fc44

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

7.5CVSS8.7AI score0.01361EPSS
Exploits0
Rows per page
Query Builder