20 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Make sure to abort the stream if the headers are invalid. Normally, we wait for the socket to buffer up the entire record before processing it. However, if the socket has a very small buffer, we read out the data sooner to...

CVSS 9.8 | AI score 6.6 | EPSS 0.00033
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: tls: fixed handling of zero-length records in the rxlist. Each recvmsg call must process either: only contiguous DATA records (any number of them), or one non-DATA record. If the next record has a different type than those that...

CVSS 7.1 | AI score 6.9 | EPSS 0.00013
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/10 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-5778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter th...

CVSS 6.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 3

Snyk
added 2026/04/09 11:08 p.m. | 0 views

Integer Underflow (Wrap or Wraparound)

Overview: Affected versions of this package are vulnerable to Integer Underflow (Wrap or Wraparound) via the sslDecodePacket process. An attacker can cause a program crash and trigger a large out-of-bounds read by injecting a malformed TLS Application Data record that is shorter than the required...

CVSS 6.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 2

Debian CVE
added 2026/04/09 9:45 p.m. | 2 views

CVE-2026-5778

Integer underflow in wolfSSL packet sniffer = 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large valu...

CVSS 6.5 | AI score 5.4 | EPSS 0.00051
Exploits: 0

UbuntuCve
added 2026/03/19 5:16 p.m. | 0 views

CVE-2026-1005

Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by sslDecodePacket. The underflow wraps a 16-bit length to a large...

CVSS 5.3 | AI score 6.1 | EPSS 0.00078
Exploits: 0 | References: 2

CNNVD
added 2026/03/19 12:00 a.m. | 6 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. Versions of wolfSSL prior to 5.8.4 contained a security vulnerability. This vulnerability stemmed from an integer underflow in the AEA...

CVSS 5.3 | AI score 6 | EPSS 0.00078
Exploits: 0 | References: 1

SUSE Linux
added 2026/01/23 10:33 a.m. | 3 views

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.33 fixes various security issues. The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show (bsc#1251787). CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline...

CVSS 9.2 | AI score 8.5 | EPSS 0.00067
Exploits: 1 | References: 30

OSV
added 2026/01/19 4:27 p.m. | 0 views

SUSE-SU-2026:20266-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-28.1 fixes various security issues. The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show (bsc#1251787). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline bsc125120...

CVSS 7.8 | AI score 6 | EPSS 0.00067
Exploits: 1 | References: 15

Tenable Nessus
added 2025/10/10 12:00 a.m. | 2 views

RockyLinux 9 : kernel (RLSA-2025:16880)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16880 advisory. kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472); kernel: smb: client: fix use-after-free in cifsoplockbrea...

CVSS 8.8 | AI score 7.1 | EPSS 0.00084
Exploits: 1 | References: 11

Tenable Nessus
added 2025/10/07 12:00 a.m. | 5 views

RockyLinux 10 : kernel (RLSA-2025:16904)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16904 advisory. kernel: fs: export anon_inode_make_secure_inode and fix secretmem LSM bypass (CVE-2025-38396); kernel: smb: client: fix use-after-free in cifs_oplock_break...

CVSS 8.8 | AI score 7.2 | EPSS 0.00071
Exploits: 1 | References: 13

SUSE CVE
added 2025/10/06 11:26 p.m. | 1 view

SUSE CVE-2025-39946

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus. Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

CVSS 5.5 | AI score 6.8 | EPSS 0.00033
Exploits: 1 | References: 21

OSV
added 2025/08/19 5:15 p.m. | 1 view

AZL-66461 CVE-2025-38608 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data in ktls. When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, w...

CVSS 5.5 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 1

Positive Technologies
added 2025/06/09 12:00 a.m. | 1 view

PT-2025-33806

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the bpf and ktls subsystems. A data corruption issue occurs when using bpf_msg_pop_data in ktls. Specifically, the ciphertext length is not...

CVSS 6.2 | AI score 6.5 | EPSS 0.00024
Exploits: 0

OSV
added 2023/02/28 6:15 p.m. | 2 views

AZL-37508 CVE-2022-41724 affecting package golang for versions less than 1.21.6-1

Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session...

CVSS 7.5 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1

Oracle linux
added 2021/11/16 12:00 a.m. | 69 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270 CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...

CVSS 9 | AI score 7.8 | EPSS 0.94432
Exploits: 7

CVE
added 2017/12/21 5:00 p.m. | 55 views

CVE-2017-6164

Concrete technical details are available: CVE-2017-6164 affects F5 BIG-IP products with TMM Affected: BIG-IP LTM and related modules (AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) on 11.x, 12.x and 13.x lines. Issue: malformed TLS 1.2 record...

CVSS 8.1 | AI score 8.1 | EPSS 0.02462
Exploits: 0 | References: 2 | Affected Software: 1

Debian
added 2013/05/29 7:59 p.m. | 28 views

[SECURITY] [DSA 2697-1] gnutls26 security update

Debian Security Advisory DSA-2697-1 [email protected] http://www.debian.org/security/ Florian Weimer May 29, 2013 http://www.debian.org/security/faq -...

CVSS 5 | AI score 5.2 | EPSS 0.08652
Exploits: 0

OSV
added 2013/05/29 12:00 a.m. | 13 views

DSA-2697-1 gnutls26 - out-of-bounds array read

Bulletin has no description...

CVSS 5 | AI score 7.5 | EPSS 0.08652
Exploits: 0

OSV
added 2012/03/25 12:00 a.m. | 14 views

DSA-2441-1 gnutls26 - missing bounds check

Bulletin has no description...

CVSS 5 | AI score 6.3 | EPSS 0.09562
Exploits: 1