UBUNTU-CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

CVE-2026-53002

A flaw was found in the Linux kernel's netfilter conntrack module. This vulnerability arises from the use of sprintf and insufficient buffer sizing in the manglecontentlen function, which can lead to a stack-out-of-bounds write. An attacker could potentially exploit this memory corruption issue t...

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

EUVD-2026-38389

MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows...

CVE-2026-52984

A flaw was found in the Linux kernel's networking scheduler netem. The queue limit check in the netemenqueue function does not properly account for reordered packets, allowing the total queue occupancy to exceed its configured limit. This oversight can lead to a Denial of Service DoS condition,...

CVE-2026-53047

A flaw was found in the Linux kernel's EFI Extensible Firmware Interface capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension PAE, may result in ...

CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

CVE-2026-47770

jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...

CVE-2026-53059

A flaw was found in the Linux kernel's device-mapper log dm log component. A local attacker could exploit an integer overflow vulnerability where a 64-bit value is truncated to 32 bits, leading to undersized memory allocations. This allows for out-of-bounds writes to kernel memory during log...

EUVD-2026-39532

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

CVE-2026-56790

CANBoat (up to version 6.22) contains an off-by-one global buffer overflow in analyzer/pgn.c:searchForPgn() that can crash the application when processing a crafted NMEA-2000 message with an out-of-range PGN sent over CAN bus or N2K-over-IP. The root cause is an out-of-bounds array access. The is...

CVE-2026-56789 RTKLIB 2.4.3 - Heap Buffer Overflow and Stack Read via Oversized RINEX Epoch Satellite Count

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

CVE-2026-56789

RTKLIB 2.4.3 is affected by a heap buffer overflow and out-of-bounds stack read in readrnxobsb (src/rinex.c). The issue arises when RINEX epoch headers declare more than 64 satellites per epoch, allowing memory corruption and potentially crashing applications such as rnx2rtkp and RTKPOST. Connect...

EUVD-2026-39531

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

EUVD-2026-39529

RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decodessr3 function at src/rtcm3.c:1446 that allows remote attackers to trigger a global buffer overflow via crafted RTCM3 SSR messages with attacker-controlled signal mode fields. Remote attackers can exploit thi...

CVE-2026-53068

A flaw was found in the Linux kernel's drm/komeda component, specifically within the AFBC framebuffer size validation. An integer overflow occurs when calculating the required buffer size, which could allow a local attacker to provide an undersized graphics memory object. This can lead to...

CVE-2026-53078

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF socket operations sockops program. When a BPF sockops program accesses context fields with the same destination and source registers, certain macros fail to properly clear the destination register. This can lead to a...