9 matches found
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...
CVE-2022-50419
CVE-2022-50419 concerns the Linux kernel Bluetooth subsystem, specifically the hci_sysfs path. The public description states that the issue arises from attempting to call device_add multiple times for a single device structure, violating documented expectations that device_add() (and device_regis...
Linux Distros Unpatched Vulnerability : CVE-2022-49686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcgvideopump A panic can occur if the endpoint...
UBUNTU-CVE-2022-49999
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix space cache corruption and potential double allocations When testing spacecache v2 on a large set of machines, we encountered a few symptoms: 1. "unable to add free space :-17" EEXIST errors. 2. Missing free space info...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a double-add problem in uvcgvideopump...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid adding an interface to the list twice when SER occurs. If SER L2 occurs during the WoWLAN resume flow, the interface addition process is triggered by ieee80211reconfig. However, due to the return failure of...
SUSE CVE-2020-22218
An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory...
DEBIAN-CVE-2020-26683
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information...
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword which is mishandled because arithmetic ADD is used instead of bitwise OR.
...