98 matches found
CVE-2026-49475
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-49475
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-48685
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...
DEBIAN-CVE-2026-48685
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...
UBUNTU-CVE-2026-48685
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...
PT-2026-43272
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp protocol.hpp, the parse raw bgp attribute function correctly identifies when extended length bit is set and sets length of...
GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of EaNameLength in smb2getea, potentially leading to the leakage of...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow has been discovered in FreeRDP. This heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length...
CVE-2025-68806
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...
CVE-2026-22855
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1...