23 matches found
ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Validation of the tot_len and ihl fields of the inner IPv4 packet has been added to the processing of decrypted IPTFS payloads in __input_process_payload(). A crafted ESP...
CVE-2026-5265 Ovn: ovn: heap over-read in icmp error response generation - security issue
When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip_tot_len for IPv4, ip6_plen for IPv6) without validating it against the actual packet buffer size...
SUSE CVE-2026-31472
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields parsed from decrypted IPTFS payloads in __input_process_payload(). A crafted ESP packet containing an inner...
EUVD-2026-24823
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields parsed from decrypted IPTFS payloads in __input_process_payload(). A crafted ESP packet containing an inner...
EUVD-2015-4168
Malware in sbrugna...
DEBIAN-CVE-2022-49998
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_intr() will return...
CVE-2022-48334
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow...
PT-2023-15713 · Google · Widevine Trusted Application
Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application (TA) versions 5.0.0 through 5.1.1. Description: The issue is related to an integer overflow and resultant buffer overflow in the drm_verify_keys function, specifically with the total_len+file_name_len calculation. Th...
SUSE CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message...
SUSE CVE-2015-8723
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service stack-based...
SUSE CVE-2021-31401
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
Denial of service
A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a...
CVE-2021-31401
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
Contiki Buffer Error Vulnerability
Contiki is an open source cross-platform operating system for IoT (Internet of Things) devices. Contiki 3.0 suffers from a buffer error vulnerability that stems from an inability to validate the total length of incoming packets specified in its IP header as well as the segmentation offset value...
Nextcloud Quota Limit Bypass Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of its server versions. A security vulnerability exists in Nextcloud Server versions prior to 9.0.55 and prior to 10.0.2, which stems from the...
PT-2017-10688 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55; Nextcloud Server versions prior to 10.0.2. Description: The issue allows an authenticated adversary to bypass quota limitations due to improper sanitization of the OC-Total-Length HTTP header values...
hostapd and wpa_supplicant Total-Length field length denial of service vulnerability
hostapd is a daemon that implements a wireless access point (AP) and authentication server. wpa_supplicant is a daemon that runs in the background and is used to support WEP, WPA/WPA2 and WAPI wireless protocols and encrypted authentication. The EAP-pwd server-side and peer-side implementations of...
DEBIAN-CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message...