Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/05/01 1:56 p.m.33 views

CVE-2026-31708 smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

8.1CVSS0.00307EPSS
Exploits0References8
CVE
CVE
added 2026/04/24 6:9 p.m.1088 views

CVE-2026-41907

The CVE affects the uuid implementation used to create RFC9562 UUIDs. Prior to version 14.0.0, v3, v5, and v6 allow silent partial writes by accepting external output buffers without rejecting out-of-range writes (small buffers or large offsets), enabling potential corruption of caller-provided b...

9.3CVSS5.3AI score0.00337EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/24 6:9 p.m.2 views

CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

9.3CVSS5.9AI score0.00337EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/04/23 6:30 a.m.8 views

Duplicate Advisory: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5hq-g745-h8pq. This link is maintained to preserve external references. Original Advisory uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

3.2CVSS5.7AI score0.00181EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/14 11:15 p.m.2 views

CVE-2021-43305

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits. This issu...

8.8CVSS7.9AI score0.01646EPSS
Exploits1References3
Rows per page
Query Builder