1395 matches found
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the INTEGERdecodeoer function. An attacker can cause a denial of service or trigger incorrect integer interpretation in downstream applications by submitting a maliciously crafted, zero-length OER payload for a...
CVE-2026-45615
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
CVE-2026-45615
ASN.1 compiler mouse07410/asn1c (1.4 and earlier) contains a memory-safety flaw in the OER decoding skeleton (INTEGER_oer.c). Parsing a crafted, zero-length OER payload for a variable-length, non-negative INTEGER can skip required-byte validation before extracting the MSB, causing a precise 1-byt...
CVE-2026-45615
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
EUVD-2026-33314
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
CVE-2026-45615 mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER_decode_oer` via Malformed OER Payload
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...
PT-2026-44847
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGER oer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, t...
strongSwan 5.9.13 - DoS
Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...
📄 ImageMagick 7.x Denial of Service
ImageMagick versions 7.x suffer from an infinite loop issue in the MIFF decoder that can lead to CPU exhaustion. Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec...
asn1c 安全漏洞
ASN1C is an ASN.1 compiler developed by Lev Walkin as a personal project. Versions of ASN1C prior to 1.4 contained security vulnerabilities. These vulnerabilities stemmed from memory safety issues in the OER decoding framework. When parsing specially crafted zero-length payloads, the decoder did...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
CVE-2026-46114
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...
UBUNTU-CVE-2026-46114
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...
UBUNTU-CVE-2026-46123
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...
CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...
EUVD-2026-32873
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...
kernel: io_uring/rsrc: reject zero-length fixed buffer import
A flaw was found in the Linux kernel's iouring subsystem. A local attacker can exploit a vulnerability in the ioimportfixed function by importing a zero-length fixed buffer. This can lead to an out-of-bounds read from slab memory, potentially resulting in information disclosure or a denial of...
kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...