USN-8362-1 xz-utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002324 advisory. The ip6appenddatamtu function in net/ipv6/ip6output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about...

ipv6: Fix signed integer overflow in __ip6_append_data

...

Linux Distros Unpatched Vulnerability : CVE-2023-52527

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata Including the transhdrlen in length is a problem when the packet is partially filled e.g. something...

CVE-2018-9389

In ip6appenddata of ip6output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

SUSE CVE-2022-49728

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in ip6appenddata Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable length type to sizet. UBSAN: signed-integer-overflow in net/ipv6/ip6output.c:1489:19...

AZL-58045 CVE-2022-49728 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in ip6appenddata Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable length type to sizet. UBSAN: signed-integer-overflow in net/ipv6/ip6output.c:1489:19...

DEBIAN-CVE-2022-49728

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in ip6appenddata Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable length type to sizet. UBSAN: signed-integer-overflow in net/ipv6/ip6output.c:1489:19...

UBUNTU-CVE-2022-49728

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in ip6appenddata Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable length type to sizet. UBSAN: signed-integer-overflow in net/ipv6/ip6output.c:1489:19...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a signed integer overflow in the ip6appenddata function...

PT-2025-1339 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: In the ip6 append data function of ip6 output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to a local privilege escalation...

The vulnerability of the __ip{,6}_append_data() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ip,6appenddata function in the Linux operating system’s kernel is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CLSA-2024-1727817758 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

CLSA-2024-1727816002 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

UBUNTU-CVE-2024-26752

In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6appenddata l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the...

CVE-2023-52527

In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata Including the transhdrlen in length is a problem when the packet is partially filled e.g. something like sendMSGMORE happened previously when appending to an IPv4 or IPv6...

PT-2023-9463 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the handling of transhdrlen in the ip,6 append data function. Including transhdrlen in the length is a problem when the packet is partially filled, as it can...

SUSE CVE-2005-3848

Memory leak in the icmppushreply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service memory consumption via a large number of crafted packets that cause the ipappenddata function to fail, aka "DST leak in icmppushreply."...

Secdo: Privilege escalation via hardcoded script path

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...

kernel: Exploitable memory corruption due to UFO to non-UFO path switch

An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ipufoappenddata when building an UFO packet with MSGMORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privilege...