105 matches found
Security update for trivy (important)
openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21249-1 Rating: important References: bsc1269269 bsc1269271 Cross-References: CVE-2026-54448 CVE-2026-55092 CVSS scores: CVE-2026-54448 SUSE : 6.5...
UBUNTU-CVE-2026-20217
Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner...
UBUNTU-CVE-2026-20214
Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file...
Linux Distros Unpatched Vulnerability : CVE-2026-57585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of- bounds read/crash on Unpacker reuse after a caught erro...
DEBIAN-CVE-2026-57585
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...
CVE-2026-57585
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...
UBUNTU-CVE-2026-57585
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...
CVE-2026-57585 MessagePack: Out-of-bounds read/crash on Unpacker reuse after caught error
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...
CVE-2026-57585
The CVE concerns MessagePack for Python (msgpack). Prior to version 1.2.1, reusing an Unpacker after a caught error can trigger an out-of-bounds read/crash, potentially causing a DoS via SEGV. A fix is available in version 1.2.1. This entry uses concrete details from the connected records (produc...
CVE-2026-57585
MessagePack is the serializer implementation for Python msgpack.org. Prior to 1.2.1, there is an Out-of-bounds read/crash on Unpacker reuse after a caught error, potentially leading to a DoS attack. If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. This...
PT-2026-54004
Name of the Vulnerable Software and Affected Versions MessagePack versions prior to 1.2.1 Description An out-of-bounds read occurs when an Unpacker is reused after an error has been caught, which can lead to a denial of service DoS attack. If the Unpacker is used repeatedly following such an erro...
CVE-2026-54448
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to...
GHSA-6V7P-G79W-8964 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error
Impact If the Unpacker is used repeatedly after an error occurs, the process may crash with a SEGV. If the Unpacker is used repeatedly to unpack untrusted input from external sources, it may be vulnerable to a DoS attack. Patches v1.2.1 Workarounds Users should create a new Unpacker instead of...
Use After Free
Overview msgpack is an efficient binary serialization format. Affected versions of this package are vulnerable to Use After Free in the unpacker' when it is reused after an error has occurred. An attacker can cause a crash or denial of service by repeatedly triggering errors and reusing the same...
DEBIAN-CVE-2026-49127
Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...
EUVD-2026-17494
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...
PJSIP 缓冲区错误漏洞
PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP 2.17, there was a buffer error vulnerability. This vulnerability stemmed from the VP9 RTP...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unaligned memory accesses in the unpacker, which could lead to a system crash...
EUVD-2006-2866
Malware in sbrugna...
EUVD-2018-7256
Malware in sbrugna...