CVE-2017-20230

CVE-2017-20230 affects Perl’s Storable before 3.05. The issue arises in retrieve_hook, which stores the class-name length as a signed int but reads it as unsigned, enabling crafted data to trigger a stack overflow during read operations. Public reports confirm a high-impact condition (CRITICAL) w...

CVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflow

Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...

CVE-2017-20230

Storable versions before 3.05 for Perl has a stack overflow. The retrievehook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow...

Updated libtiff packages fix security vulnerabilities

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144...

MGASA-2026-0105 Updated libtiff packages fix security vulnerabilities

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c. CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. CVE-2025-61144...

PT-2026-33993

Name of the Vulnerable Software and Affected Versions Storable versions prior to 3.05 Description A stack overflow exists in the retrieve hook function. The issue occurs because the length of the class name is stored as a signed integer but is treated as unsigned during read operations, allowing ...

PJSIP 安全漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the...

Security update for freeipmi (important)

openSUSE security update: security update for freeipmi ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20556-1 Rating: important References: bsc1260414 Cross-References: CVE-2026-33554 CVSS scores: CVE-2026-33554 SUSE : 7.6...

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, and cross-platform programming language developed by the Perl community. Versions of Perl prior to 3.05 contained security vulnerabilities. These vulnerabilities stemmed from the retrievehook function, which stored the length of class names as...

PT-2026-34170

Name of the Vulnerable Software and Affected Versions PJSIP versions 2.16 and earlier Description A stack buffer overflow occurs in the pjsip auth create digest2 function when using pre-computed digest credentials PJSIP CRED DATA DIGEST. The function copies credential data using the cred...

nest 安全漏洞

Nest is a Node.js framework developed by NestJS, designed for building efficient, scalable, and enterprise-level server-side applications using TypeScript/JavaScript. Versions of Nest prior to 11.1.19 contained a security vulnerability. This vulnerability stemmed from the recursive invocation of...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010956)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010956 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - increase the memory of local variables Increase the buffer to prevent stac...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-006985)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006985 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011085)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011085 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: fix stack overflow in line6miditransmit Correctly calculate available space includin...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012960)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012960 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stac...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011400)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011400 advisory. In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobe-ed Registering a kprobe on...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40324

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

JLSEC-2026-154

Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file...