Astra Linux - уязвимость в binutils

A vulnerability, classified as problematic, was discovered in GNU Binutils up to version 2.43. This vulnerability affects the disassemblebytes function in the file binutils/objdump.c. Manipulation of the buf argument leads to a stack-based buffer overflow. The attack can be initiated remotely. Th...

Astra Linux - уязвимость в edk2

EDK2 is vulnerable to a vulnerability in the Tcg2MeasureGptTable function, which allows a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...

Astra Linux - уязвимость в fig2dev

A flaw was discovered in fig2dev. This vulnerability allows for availability through local input manipulation using the gengeitpspline function...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The option parser allows an attacker to overwrite a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The greatest threat from this vulnerability is to data confidentiality and...

Astra Linux - уязвимость в openjpeg2

There is a flaw in OpenJPEG’s T2 encoder in versions prior to 2.4.0. An attacker who can provide crafted input for OpenJPEG to process may cause a null pointer dereferencing. The most significant impact of this flaw is the availability of the application...

Astra Linux - уязвимость в advancecomp

A segmentation fault flaw was detected in the Advancecomp package. This may result in reduced availability...

Astra Linux - уязвимость в haproxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...

Astra Linux - уязвимость в edk2

EDK2 contains a vulnerability when the S3 sleep mechanism is activated. In this case, an attacker may cause a Division-by-Zero error due to a UNIT32 overflow through local access. Successful exploitation of this vulnerability could result in a loss of availability...

Astra Linux - уязвимость в libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. A heap-based buffer overflow is possible in the function WebPDecodeRGBInto due to an invalid check for buffer size. The greatest threat from this vulnerability is related to data confidentiality and integrity, as well as system...

Astra Linux - уязвимость в openexr

There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with the application’s functionality and availability...

Astra Linux - уязвимость в tiff

An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick within MagickCore/statistic.c. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in an excessively large value for the 64-bit type ssizet. This likely leads to a disruption in the application’s...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR in versions prior to 3.0.0-beta. A specially crafted input file provided by an attacker, when processed by the Dwa decompression functionality of OpenEXR’s IlmImf library, could lead to a NULL pointer dereferencing error. The most severe consequence of this...

Astra Linux - уязвимость в php8.1, php7.3

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in the arrayMerge function when the total number of elements in packed arrays exceeds 32-bit limits or HTMAXSIZE. This issue is caused by an integer...

Astra Linux - уязвимость в avahi

A flaw was discovered in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not handled correctly in the clientwork function, allowing a local attacker to trigger an infinite loop. The most significant threat from this...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARNONCE function was removed from the sendhsrsupervisionframe function. Syzkaller reported 1 that a warning was issued after attempting to allocate resources for skb in hsrinitskb. Since a WARNONCE call does not...

Astra Linux - уязвимость в ceph

An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...

Astra Linux - уязвимость в xorg-server

A flaw was discovered in xorg-x11-server in versions prior to 21.1.2 and prior to 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs when handling a “PVRDMAREGDSRHIGH” write from the guest, and it may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer...

Astra Linux - уязвимость в python3.7, python2.7

A flaw was discovered in Python. Improper handling of HTTP responses in the Python HTTP client code may allow a remote attacker, who controls the HTTP server, to cause the client script to enter an infinite loop, consuming CPU resources. The greatest threat of this vulnerability is to system...