Security Bulletin: qs Array Limit Bypass via Comma Parsing Enables Denial of Service

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

Security Bulletin: Lodash Prototype Pollution Bypass in _.unset and _.omit via Array Path Segments

Summary Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

EUVD-2025-209624

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on tracearray in kprobeeventgentestexit When testgenkprobecmd failed after kprobeeventgencmdend, it will goto delete, which will call kprobeeventdelete and release the corresponding...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: It was determined that processstring also allows arrays. To address a common bug where TRACEEVENT’s TPfastassign assigns the address of an allocated string to the ring buffer and then references it in TPPrintk, which can...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fcrportprliresp...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an array-index-out-of-bounds issue in dcn35clkmgr. Why There is a potential memory access violation during the iteration of the dcn35 clks’ array. How The iteration rate per array size has been limited...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: Fixed a panic that occurred during failed allocation of folio blocks. The commits 7e119cff9d0a “ocfs2: converting wpages to wfolios” and 9a5e08652dc4b “ocfs2: using an array of folios instead of an array of pages” fixed...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: interconnect: fix mem leak when freeing nodes The node link array is allocated when adding links to a node but is not deallocated when nodes are destroyed...

Astra Linux - уязвимость в dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where the array length is inconsistent with the size of the element...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: gpio: Preventing potential speculation leaks in gpiodevicegetdesc The userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do this by calling gpioioctl with an offset that is out of...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in xfrmpolicycheck The issue happens on an error path in xfrmpolicycheck. When the fetching process of the object pols1 fails, the function simply returns 0, forgetting to decrement the reference count of...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp-phy8' may be out of bound In line 5001, if all id in the array 'lp-phy8' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp-phy8' may be out of bound...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...

Astra Linux - уязвимость в dcmtk

An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

Astra Linux - уязвимость в libjettison-java

An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: hp-bioscfg: Fixed out-of-bounds array access issues during ACPI package parsing. The hppopulateelementsfrompackage functions in the hp-bioscfg driver contain vulnerabilities related to out-of-bounds array access...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: keys: Fixed the issue of linking a duplicate key to a keyring’s assocarray. When making a DNS query within the kernel using dnsquery, the request code can, in rare cases, create a duplicate index key in the assocarray of the...

Astra Linux - уязвимость в firefox, thunderbird

An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by misunderstanding the sizes of array indices. This vulnerability has been fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369...