267 matches found
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a 256-byte backup...
Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS
Description The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into pregmatch: php 'match' = @pregmatch\sprintf'/^%s$/u', $this-transformJsonPathRegex$argList1, $value, 'search' = @pregmatch"/$this-transformJsonPathRegex$argList1/u", $value,...
CVE-2026-43009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...
CVE-2026-43009
The CVE-2026-43009 family concerns the Linux kernel BPF verifier. Connected sources describe a bug where backtrack_insn did not correctly account for atomic fetch variants (BPF_ATOMIC with BPF_FETCH) during memory-precision tracking, causing the verifier to prune paths incorrectly. The fix extend...
PT-2026-36426
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel eBPF verifier where the backtrack insn function fails to correctly handle atomic fetch operations. When encountering a BPF STX instruction with BPF...
EUVD-2016-10741
Malware in sbrugna...
EUVD-2012-0041
Malware in sbrugna...
EUVD-2023-59762
Malicious code in bioql PyPI...
CVE-2023-52928
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc call in checkkfunccall, which would be captured in fixupkfunccall if such insn is not eliminated by dead code elimination. However, this can lead to t...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from backtrackinsn not skipping an invalid kfunc call...
PT-2025-13304 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the bpf verifier skipping invalid kfunc calls in backtrack insn. This issue could lead to a warning in backtrack insn...
CVE-2022-34749
A regular expression denial of service ReDoS flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service...
ROS-20231030-02
A vulnerability in the Django web application software platform, is related to regular expressions for text clipping that have linear backtrack complexity, which can be slow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service with certain HTML...
The vulnerability of the backtrack_insn() function in the kernel/bpf/verifier.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the backtrackinsn function in the kernel/bpf/verifier.c module of the Linux operating system is related to calls outside of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
SUSE CVE-2016-7869
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution...
PT-2023-35099 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.93 Description: The issue concerns an invalid kfunc call in backtrack insn within the bpf component. The actual impact and potential for attack have not been fully determined. Recommendations: For Linux...
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2021-23346
CVE-2021-23346 affects Node.js packages html-parse-stringify and html-parse-stringify2. The vulnerability is a Regular Expression DoS (ReDoS) due to backtracking in parsing regex, which can cause the process to freeze and lead to a denial of service. IBM IBM Cloud Pak for Security CP4S versions 1...
Ettercap - A Comprehensive Suite For Man In The Middle Attacks
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ETTERCAP...
BruteSploit - Collection Of Method For Automated Generate, Bruteforce And Manipulation Wordlist
BruteSploit is a collection of method for automated Generate, Bruteforce and Manipulation wordlist with interactive shell. That can be used during a penetration test to enumerate and can be used in CTF for manipulation,combine,transform and permutation some words or file text. Tutorial Check in...