Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 2:0 p.m.10 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00578EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:0 p.m.103 views

CVE-2026-44893

Netty CVE-2026-44893 affects netty-codec-haproxy prior to 4.1.135.Final and 4.2.15.Final. During PP2_TYPE_SSL TLV decoding, HAProxyMessage.readNextTLV() retains a slice before reading the client (1 byte) and verify (4 bytes). If TLV length

7.5CVSS5.4AI score0.00578EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2026/04/30 8:17 p.m.6 views

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.9AI score0.00225EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.11 views

PT-2026-36172

Name of the Vulnerable Software and Affected Versions FRRouting versions prior to 10.5.3 Description An integer overflow exists in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16 t accumulator variable truncates uint32 t values returned by the TLV SIZE macro, whi...

7.5CVSS5.9AI score0.00371EPSS
Exploits0References40
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:36 p.m.3 views

CVE-2026-3557

Philips Hue Bridge happairverifyhandler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit th...

8CVSS6.3AI score0.00495EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.4 views

(Pwn2Own) Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8CVSS6.1AI score0.00495EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.3 views

PT-2026-23775

Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge contains a heap-based buffer overflow in the hap pair verify handler function during Sub-TLV parsing. This issue could allow for remote code execution. The...

8CVSS7.8AI score0.00495EPSS
Exploits0References4
NVD
NVD
added 2025/10/22 2:15 p.m.5 views

CVE-2023-53705

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6findtlv optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center...

0.00207EPSS
Exploits0References8
OSV
OSV
added 2025/10/22 2:15 p.m.2 views

DEBIAN-CVE-2023-53705

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6findtlv optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center...

5.5AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2025/01/24 11:15 p.m.7 views

CVE-2024-50697

In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow...

8.1CVSS6.2AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.6 views

PT-2025-2887 · Sungrow · Sungrow Winet-Sv200

Name of the Vulnerable Software and Affected Versions: SunGrow WiNet-SV200 versions 0.001.00.P027 and earlier Description: The issue arises when decrypting MQTT messages, specifically due to insufficient bounds checks in the code that parses certain TLV fields. This may lead to a stack-based buff...

8.1CVSS7AI score0.00429EPSS
Exploits0References5
OSV
OSV
added 2024/08/19 2:15 a.m.3 views

UBUNTU-CVE-2024-44070

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

9.8CVSS7.2AI score0.00641EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/01/04 2:33 a.m.4 views

SUSE CVE-2024-0210

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...

7.8CVSS7.3AI score0.0047EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.4 views

PT-2023-35524 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. The crash state indicates involvement of the iasecc parse get tlv, iasecc parse docp, and iase...

6.8AI score
Exploits0References2
Rows per page
Query Builder