Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fixed an integer overflow in ghesestatuspoolinit. The variable numghes was changed from int to unsigned int, preventing an overflow and causing subsequent vmalloc calls to fail. The overflow occurs in...

Astra Linux – Vulnerability in libjettison-java

A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: This issue prevents vlag from going out of bounds in reweighteevdf. It was possible for pickeevdf to return NULL, which would lead to a NULL-deref. This issue was caused by entityeligible, which returned a falsely...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in WebGPU in Google Chrome prior to version 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in binutils

A vulnerability was identified in GNU Binutils 2.45. The affected component is the elfx8664relocatesection function in the file elf64-x86-64.c of the Linker component. This vulnerability causes a heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly...

Astra Linux – Vulnerability in openjpeg2

A flaw was discovered in the OpenJPEG project. A heap buffer overflow condition may occur when certain options are specified while using the opjdecompress utility. This could lead to an application crashing or other undefined behaviors...

Astra Linux – Vulnerability in TIF format

An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: A overflow has been prevented in the size calculation for memdupuser. The number of apqn target list entries contained in the nrapqns variable is determined by the user space through an ioctl call. Therefore, the resul...

Astra Linux – Vulnerability in GSL

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing input data that is maliciously crafted for the gslstatsquantilefromsorteddata function of this library may result in unexpected application...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm: zynqmpdp: Fixed integer overflow in zynqmpdprateget This patch addresses a potential integer overflow in zynqmpdprateget. The issue arises when the expression drmdpbwcodetolinkratedp-test.bwcode 10000 is evaluated using...

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying metadata of image files. A heap buffer overflow has been discovered in Exiv2 versions v0.27.3 and earlier. The heap overflow occurs when Exiv2 is used to write metadata into a specially crafted image fil...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fixed buffer overflow issues for txbuf and ringxfer. The AD7923 was updated to support devices with 8 channels, but the sizes of txbuf and ringxfer were not adjusted accordingly, resulting in a potential buffer...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing relied on cbData/remaining length, and never validated against the minimum size implied by cx/cy. A malicious server could trigger a client-side global buffer overflow, resulting in a crash...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the NDR array reader in RDPEAR did not perform bounds checking on the number of on-wire elements, and could write beyond the heap buffer allocated from hints, resulting in a heap buffer overflow in...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/mediatek: Fixed a coverage issue related to unintentional integer overflows. 1. Instead of multiplying two variables of different types, change the approach to assigning a value to one variable and then multiplying the oth...

Astra Linux – Vulnerability in libfcgi

FastCGI fcgid2 also known as fcgi versions 2.x through 2.4.4 have a integer overflow vulnerability resulting in a heap-based buffer overflow due to crafted values for nameLen or valueLen in the data sent to the IPC socket. This issue occurs in the ReadParams function in fcgiapp.c...

Astra Linux – Vulnerability in Squid

Squid is vulnerable to a Denial of Service attack, where a remote attacker can carry out a buffer overflow attack by writing up to 2 MB of arbitrary data into heap memory when Squid is configured to accept HTTP Digest Authentication...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ptp: Added an upper bound on maxvclocks. The syzbot report indicated a WARNING regarding maxvclocksstore. This issue occurs when the argument max is too large for kcalloc to handle. The protection mechanism has been extended to...

Astra Linux – Vulnerability in Nasm

A buffer overflow vulnerability exists in the scan function in stdscan.c in nasm 2.15rc0, allowing remote attackers to cause a denial of service by using crafted ASM files...