CVE-2026-53151

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

UBUNTU-CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

Astra Linux – Vulnerability in atftp

In tftpdfile.c in atftp up to 0.7.4, there is a buffer overflow issue due to improper handling of buffer-size parameters, which does not correctly account for combinations of data, OACK, and other options...

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

CVE-2025-53114

Affected software: CometD server implementations. A vulnerability arises when clients consistently set ext.ack to 1 during /meta/connect while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and potentially trigger OutOfMemoryError. Affecte...

GHSA-CQGJ-H8VF-4W59 Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...

PT-2026-48527

Name of the Vulnerable Software and Affected Versions CometD versions 5.0.x CometD versions 6.0.x CometD versions 8.0.x Description Improper handling of the acknowledgement extension allows malicious clients to cause a server outage. By consistently sending a fixed batch value in the ext paramete...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: TCP: Do not accept ACKs for bytes that we never sent. This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. The validation of ACK sequences currently follows the guidelines outlined in RFC 5961,...

CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

PT-2026-39849

Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description An out-of-bounds read occurs during DHCP option parsing within the dhcp message type function because the software fails to verify that the options pointer remains within the received packet...

apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

MsQuic has a Remote Elevation of Privilege Vulnerability

Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...

CVE-2026-5264

Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

EUVD-2026-16128

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

CVE-2026-4247 TCP: remotely exploitable DoS vector (mbuf leak)

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

CVE-2026-4247

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

FreeBSD Security Advisory - FreeBSD-SA-26:06.tcp

FreeBSD Security Advisory - When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf...

CVE-2026-23125

In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key initialization fails: ================================================================== KASAN:...