225 matches found
CVE-2026-29008
U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...
CVE-2026-53151
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...
CVE-2026-53151
CVE-2026-53151 concerns the Linux kernel AF_RXRPC subsystem, where legacy parsing of the SACK table could trigger an invalid buffer access when processing fragmented UDP packets. The fix updates rxrpc_input_soft_acks() and rxrpc_input_ack() logic so that SACK contents are not copied into a flat b...
PT-2026-52587
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description A heap buffer overflow occurs in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The issue stems from an integer truncation when calculating the length of the ACK...
PT-2026-51724
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the functions batadv tp recv ack and batadv tp stop incorrectly process tp vars when the role is set to BATADV TP RECEIVER. In this state,...
stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...
GHSA-W7PM-9G55-MXFM stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment
Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fixed the missing initialization of the mrioc-evtackcmds array. The commit c1af985d27da “scsi: mpi3mr: Add Event acknowledgment logic” introduced an array mrioc-evtackcmds, but the initialization of its elements was...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use OPTIONMPTCPMPJSYNACK in subflowfinishconnect subflowfinishconnect uses four fields backup, joinid, thmac, none that may contain garbage unless OPTIONMPTCPMPJSYNACK has been set in mptcpparseoption...
Linux Distros Unpatched Vulnerability : CVE-2026-31662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even wh...
SUSE CVE-2026-31662
In the Linux kernel, the following vulnerability has been resolved: tipc: fix bcackers underflow on duplicate GRPACKMSG The GRPACKMSG handler in tipcgroupprotorcv currently decrements bcackers on every inbound group ACK, even when the same member has already acknowledged the current broadcast...
PT-2026-35014
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The GRP ACK MSG handler in the tipc group proto rcv function decrements the bc ackers variable on every inbound group ACK, including duplicate ACKs from members who have already...
EUVD-2026-21214
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...
UBUNTU-CVE-2026-5264
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...
CVE-2026-5264
CVE-2026-5264 describes a heap buffer overflow in DTLS 1.3 ACK message processing. The vulnerability can be triggered by a remote attacker that sends a crafted DTLS 1.3 ACK message, potentially enabling high-impact outcomes as reflected by the associated CVSS metrics (NVD: AV:N/AC:L/PR:N/UI:N/S:U...
CVE-2026-5264
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...
OpenSSH 安全漏洞
OpenSSH OpenBSD Secure Shell is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...
CVE-2026-4247
CVE-2026-4247 affects FreeBSD TCP implementations (bases: 14.x, 15.x/releng) where, when a challenge ACK should be sent, tcp_respond() consumes the mbuf and can leak the mbuf if no ACK is sent. An attacker on-path or able to establish a TCP connection can craft packets that trigger a challenge AC...
FreeBSD 安全漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the tcprespond function returning and leaking the mbuf when an ACK should not be sent. This vulnerability could allow attackers to exploit the system by...
FreeBSD -- TCP: remotely exploitable DoS vector (mbuf leak)
Problem Description: When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. Impact: If an attacker is either on path with an established TCP...