Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 8:20 a.m.11 views

CVE-2026-53132

A flaw was found in the Linux kernel's vsock/virtio component. A remote attacker could send specially crafted packets with zero length and an End-of-Message EOM flag. This could lead to an unbounded queue of packets, consuming excessive memory and potentially causing a Denial of Service DoS due t...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53132

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS5.7AI score0.0014EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.33 views

CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS0.0014EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53132

CVE-2026-53132 affects the Linux kernel vsock/virtio, where receiving zero-length packets with VIRTIO_VSOCK_SEQ_EOM could cause an unbounded skb queue growth, exhausting memory. The root cause is a miscalculation of backlog: vvs->rx_bytes + len > vvs->buf_alloc allows large queues when l...

7.1CVSS5.7AI score0.0014EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52228

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio component where a potential unbounded skb socket buffer queue can occur. The virtio transport inc rx pkt function checks if vvs-rx bytes plus the pack...

7.1CVSS5.9AI score0.0014EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2025/12/24 11:15 a.m.4 views

CVE-2022-50706

In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized rawsendmsg syzbot is hitting skbassertlen warning at devqueuexmit 1, for PFIEEE802154 socket's zero-sized rawsendmsg request is hitting devqueuexmit with skb-len == 0. Since PFIEEE802154...

5.7AI score0.00173EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of zero-length packets, which may result in a kernel warning...

6.2AI score0.00173EPSS
Exploits0References7
OSV
OSV
added 2025/11/03 2:59 p.m.6 views

CLSA-2025-1762181946 frr: Fix of CVE-2023-38406

CVE-2023-38406: fix BGP Flowspec NLRI overflow vulnerability where zero-length packets could cause packet processing errors...

9.8CVSS7.2AI score0.00939EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4142

Malware in sbrugna...

7.8CVSS6.3AI score0.02354EPSS
Exploits0References11
OSV
OSV
added 2023/06/03 11:5 a.m.4 views

OESA-2023-1312 c-ares security update

This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a...

7.5CVSS6.9AI score0.01577EPSS
Exploits0References2
OSV
OSV
added 2023/05/25 11:15 p.m.9 views

AZL-26942 CVE-2023-32067 affecting package python-gevent for versions less than 21.1.2-3

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS5.7AI score0.01577EPSS
Exploits0References1
OSV
OSV
added 2023/05/25 11:15 p.m.6 views

AZL-26937 CVE-2023-32067 affecting package nodejs for versions less than 16.20.1-2

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...

7.5CVSS6.6AI score0.01577EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/25 12:0 a.m.5 views

Bro Buffer Overflow Vulnerability

Bro is an open source framework for network analysis and security monitoring . A security vulnerability exists in the analyzer/protocol/dnp3/DNP3.cc file in Bro versions prior to 2.3.2, which stems from the program failing to properly handle packets of zero length. A remote attacker could exploit...

7.5CVSS7.1AI score0.01782EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/01/19 11:30 p.m.7 views

kernel: firewire: ohci: handle receive packets with a data length of zero

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet tha...

4.7CVSS7.3AI score0.00361EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.19 views

Debian Security Advisory DSA 912-1 (centericq)

The remote host is missing an update to centericq announced via advisory DSA 912-1. Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet. For the old stable...

7.8CVSS1.4AI score0.11988EPSS
Exploits0
Cvelist
Cvelist
added 2005/11/20 8:0 p.m.28 views

CVE-2005-3694

centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service segmentation fault and crash via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus...

6.5AI score0.11988EPSS
Exploits0References10
Rows per page
Query Builder