1562 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a signedness bug in smbdirectpreparenegotiation. The function smbdirectpreparenegotiation casts a unsigned u32 value from sp-maxrecvsize and req-preferredsendsize into a signed int before calculating mintint, .......
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Fixed the signedness in the thislen calculation. When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to a signed integer during commit operations. This can lead to...
Astra Linux - уязвимость в u-boot
In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the signedness bug in sdmav40processtrapirq The “instance” variable needs to be signed for error handling to work properly...
freerdp: FreeRDP global-buffer-overflow
A global buffer overflow flaw has been discovered in FreeRDP. This global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = 0 can be...
SUSE CVE-2011-2662
Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...
SUSE CVE-2026-43185
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...
CVE-2026-43405 libceph: Use u32 for non-negative values in ceph_monmap_decode()
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in cephmonmapdecode This patch fixes unnecessary implicit conversions that change signedness of bloblen and nummon in cephmonmapdecode. Currently bloblen and nummon are signed int variable...
CVE-2026-43185
A flaw was found in ksmbd within the Linux kernel. A remote attacker can exploit a signedness bug in the smbdirectpreparenegotiation function by sending a specially crafted preferredsendsize value during SMB direct negotiation. This manipulation leads to an incorrect size calculation, allowing a...
EUVD-2026-27748
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...
CVE-2026-43185
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...
CVE-2026-43185
In Linux kernel ksmbd, a signedness bug in smb_direct_prepare_negotiation() casts unsigned __u32 values from sp->max_recv_size and req->preferred_send_size to signed int before min_t(). A crafted preferred_send_size of 0x80000000 can be treated as smaller than max_recv_size, enabling a subs...
CVE-2026-43185
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize to a signed int before computing mintint, .... A maliciously provide...
Linux Distros Unpatched Vulnerability : CVE-2026-43185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix signededness bug in smbdirectpreparenegotiation smbdirectpreparenegotiation casts an unsigned u32 value from sp-maxrecvsize and req-preferredsendsize...
PT-2026-37525
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A signedness bug exists in the smb direct prepare negotiation function. The function casts unsigned u32 values from sp-max recv size and req-preferred send size to signed integers before...
Astra Linux - уязвимость в linux-5.15
An issue was discovered in net/ceph/messengerv2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in cephdecode32...
DEBIAN-CVE-2017-20230
Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...
SUSE CVE-2003-0972
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" semicolon characters in escape sequences, which leads to a buffer overflow...
curl: Integer Overflow/Signedness Mismatch in Printf Precision for HTTP/2 Trailer Headers
BUG IN https://raw.githubusercontent.com/curl/curl/07a9b89fedaec60bdbc254f23f66149b31d2f8da/lib/http2.c c ifstream-bodystarted / This is a trailer / H2BUGFinfofdatas, "h2 trailer: %.s: %.s", namelen, name, valuelen, value; result = Curldynaddf&stream-trailerrecvbuf, "%.s: %.s\r\n", namelen, name,...