149 matches found
UBUNTU-CVE-2023-52618
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
CVE-2023-52618 block/rnbd-srv: Check for unlikely string overflow
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
CVE-2023-52618
CVE-2023-52618 affects the Linux kernel’s block/rnbd-srv path. The issue stems from copying dev_search_path and a second string into full_path, each sized PATH_MAX, which could truncate. The root cause was a potential truncation in snprintf(full_path, PATH_MAX, "%s/%s", dev_search_path, dev_name)...
CVE-2023-52618 block/rnbd-srv: Check for unlikely string overflow
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
CVE-2023-52618
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
CVE-2023-52618 block/rnbd-srv: Check for unlikely string overflow
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "devsearchpath" can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into "fullpath" since it was also PATHMAX sized...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a string overflow vulnerability in block/rnbd-srv...
CVE-2023-52464 EDAC/thunderx: Fix possible out-of-bounds string access
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat: drivers/edac/thunderxedac.c: In function 'thunderxocxcomthreadedisr':...
Asrmicro ASR1803, ASR1806 Security Vulnerabilities
The Asrmicro ASR1803 and Asrmicro ASR1806 are both chips from Avantage Technology Asrmicro, a Chinese company. A security vulnerability exists in the Asrmicro ASR1803, ASR1806, which stems from a security best practice violation whereby string operations in streaming media will write to the end o...
CLSA-2023-1698351940 vim: Fix of 2 CVEs
CVE-2023-5441: segfault in exmode - CVE-2023-5344: buffer overflow in truncstring...
SUSE CVE-2008-4575
Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service crash via 1 a long -cmd argument and 2 unspecified vectors related to "a bunch of potential string overflows."...
SUSE CVE-2018-14598
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS segmentation fault...
expat: Integer overflow in copyString()
An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded rather than user input, takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service...
CLSA-2022-1660757175 Fixed 15 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
git -- Multiple vulnerabilities
This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...
GSD-2021-1002689 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
firmware: armscpi: Fix string overflow in SCPI genpd driver This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.88 by commit...
GSD-2021-1002665 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
firmware: armscpi: Fix string overflow in SCPI genpd driver This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.168 by commit...
GSD-2021-1002645 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
firmware: armscpi: Fix string overflow in SCPI genpd driver This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.222 by commit...
GSD-2021-1002630 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
firmware: armscpi: Fix string overflow in SCPI genpd driver This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.259 by commit...
redis: Integer overflow issue with strings
An integer overflow issue was found in redis in the underlying string library. The vulnerability involves changing the default "proto-max-bulk-len" configuration parameter to a very large value and constructing specially crafted network payloads or commands. This flaw allows a remote attacker to...