16 matches found
CVE-2026-53132
A flaw was found in the Linux kernel's vsock/virtio component. A remote attacker could send specially crafted packets with zero length and an End-of-Message EOM flag. This could lead to an unbounded queue of packets, consuming excessive memory and potentially causing a Denial of Service DoS due t...
UBUNTU-CVE-2026-53132
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...
CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...
CVE-2026-53132
CVE-2026-53132 affects the Linux kernel vsock/virtio, where receiving zero-length packets with VIRTIO_VSOCK_SEQ_EOM could cause an unbounded skb queue growth, exhausting memory. The root cause is a miscalculation of backlog: vvs->rx_bytes + len > vvs->buf_alloc allows large queues when l...
PT-2026-52228
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio component where a potential unbounded skb socket buffer queue can occur. The virtio transport inc rx pkt function checks if vvs-rx bytes plus the pack...
CVE-2022-50706
In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized rawsendmsg syzbot is hitting skbassertlen warning at devqueuexmit 1, for PFIEEE802154 socket's zero-sized rawsendmsg request is hitting devqueuexmit with skb-len == 0. Since PFIEEE802154...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of zero-length packets, which may result in a kernel warning...
CLSA-2025-1762181946 frr: Fix of CVE-2023-38406
CVE-2023-38406: fix BGP Flowspec NLRI overflow vulnerability where zero-length packets could cause packet processing errors...
EUVD-2007-4142
Malware in sbrugna...
OESA-2023-1312 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a...
AZL-26942 CVE-2023-32067 affecting package python-gevent for versions less than 21.1.2-3
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
AZL-26937 CVE-2023-32067 affecting package nodejs for versions less than 16.20.1-2
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
Bro Buffer Overflow Vulnerability
Bro is an open source framework for network analysis and security monitoring . A security vulnerability exists in the analyzer/protocol/dnp3/DNP3.cc file in Bro versions prior to 2.3.2, which stems from the program failing to properly handle packets of zero length. A remote attacker could exploit...
kernel: firewire: ohci: handle receive packets with a data length of zero
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet tha...
Debian Security Advisory DSA 912-1 (centericq)
The remote host is missing an update to centericq announced via advisory DSA 912-1. Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet. For the old stable...
CVE-2005-3694
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service segmentation fault and crash via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus...