CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through improper handling of TLV length in the readNextTLV function. An attacker can cause resource exhaustion and denial of service by sending a specially crafted HAProxy protocol...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tipc: The issue in tipcnlcompatnametabledumpheader regarding the check of the msg-req TLV length was fixed. This is a follow-up to commit 974cb0e3e7c9 “tipc: fixing uninit-value in tipcnlcompatnametabledump". In that commit, a ty...

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

CVE-2026-24738

Concisely, the Go library github.com/gmrtd/gmrtd’s ReadFile() is vulnerable to Denial of Service from unbounded TLV lengths before v0.17.2. Multiple sources (SUSE, Red Hat, OSV, CVE lists, GHSA advisory, Snyk) describe that ReadFile could accept TLVs up to 4 GB, causing uncontrolled memory and CP...

EUVD-2026-4740

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

GHSA-J49H-6577-5XWQ gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

Unbounded TLV length in ReadFile can cause Denial of Service Summary A Denial of Service vulnerability was identified in ReadFile where unbounded TLV length values could lead to excessive CPU and memory usage when processing data from a malicious or non-compliant NFC source. This issue has been...

CVE-2022-33302

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988902)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988902 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg-req tlv len check in tipcnlcompatnametabledumpheader This is a follow-up for...

CVE-2025-64096 CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to 1.4.2, there is a missing bounds check in CryptoKeyupdate...

EUVD-2021-17219

Malware in sbrugna...

EUVD-2022-36345

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

CVE-2025-53022

TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...

OESA-2025-1820 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg-req tlv len check in tipcnlcompatnametabledumpheader This is a follow-up for commit 974cb0e3e7c9 "tipc: fix uninit-value in...

CVE-2021-30288

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

SUSE CVE-2022-49862

In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg-req tlv len check in tipcnlcompatnametabledumpheader This is a follow-up for commit 974cb0e3e7c9 "tipc: fix uninit-value in tipcnlcompatnametabledump" where it should have type casted sizeof.. to int to work whe...

DEBIAN-CVE-2022-49862

In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg-req tlv len check in tipcnlcompatnametabledumpheader This is a follow-up for commit 974cb0e3e7c9 "tipc: fix uninit-value in tipcnlcompatnametabledump" where it should have type casted sizeof.. to int to work whe...

CVE-2022-49862 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header

In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg-req tlv len check in tipcnlcompatnametabledumpheader This is a follow-up for commit 974cb0e3e7c9 "tipc: fix uninit-value in tipcnlcompatnametabledump" where it should have type casted sizeof.. to int to work whe...