Astra Linux – Vulnerability in Linux, Linux 5.10

preallocelemsandfreelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted MFT section is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...

Astra Linux – Vulnerability in xwayland, xorg-server

A flaw was discovered in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when calculating the request length, allowing a client to bypass the length checks...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed maxsge overflow in smbextractfolioqtordma This fixes the following issue: 749.901015 T8673 ran fstests cifs/001 on 2025-06-17 09:40:30 750.346409 T9870...

Astra Linux – Vulnerability in dcmtk

DCMTK through version 3.6.6 does not handle string copying properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result, even if the result is null. This can lead to a head-based overflow. An attacker can use this vulnerability to launch a DoS...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: do not trust the firmware’s nChannels value. If the firmware sends us a corrupted MCC response where nChannels is much larger than what the command response can handle, we might copy too much uninitialized...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm – Fix pointer arithmetic In spu2dumpomd, the value of ptr is increased by ciphkeylen, instead of hashivlen. This could lead to exceeding the buffer boundaries. This bug has been fixed by changing ciphkeylen to...

Astra Linux – Vulnerability in Git

Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: uaccess: A integer overflow has been fixed in the accessok function. On three architectures, the end of a user’s access is checked against the address limit, without considering the possibility of an overflow. Passing a negative...

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a buffer overflow in the xrdpmmchandatain function. There are no known workarounds for this issue. Users are advised to upgrade...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, there is a Global-Buffer-Overflow in the ncrushdecompress function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a...

Astra Linux – Vulnerability in wavpack

WavPack 5.3.0 has a buffer overflow vulnerability in WavpackPackSamples in packUtils.c, due to an integer overflow in a malloc argument. NOTE: Some third-party developers claim that there are later “unofficial” versions up to 5.3.2, which are also affected...

Astra Linux – Vulnerability in aom

The file aomdsp/noisemodel.c in the libaom library within AOMedia, dated before March 24, 2021, contains a buffer overflow vulnerability...

Astra Linux – Vulnerability in GhostScript

In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...

Astra Linux – Vulnerability in ncurses

A buffer overflow vulnerability exists in the postprocessterminfo function in tinfo/parseentry.c:997 within ncurses 6.1. This vulnerability allows remote attackers to cause a denial of service by using crafted commands...

Astra Linux – Vulnerability in virglrenderer

A heap-based buffer overflow in the vrendrenderertransferwriteiov function in vrendrenderer.c in virglrenderer from version 0.8.0 allows guest OS users to cause a denial of service, or a QEMU guest-to-host escape and code execution, through VIRGLCCMDRESOURCEINLINEWRITE commands...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: prevents integer overflow on 32-bit systems. On a 32-bit system, the operation “len sizeofp” can lead to an integer overflow...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Ensure that the index calculations will never overflow. WHY & HOW Ensure that the calculations of vmid0p72idx, vnom0p8idx, and vmax0p9idx will never cause the array size to overflow. This fix addresses 3...

Astra Linux – Vulnerability in gpac

A heap-based buffer overflow vulnerability exists in gpac version 2.3-DEV-rev588-g7edc40fee-master, allowing remote attackers to execute arbitrary code and cause a denial of service DoS via the gffwrite component in atutils/osfile.c...

Astra Linux – Vulnerability in Zabbix

The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...