777 matches found
CVE-2026-9267
Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...
Bluetooth: RFCOMM: validate skb length in MCC handlers
...
CVE-2026-53254
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...
CVE-2026-52982
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...
CVE-2026-54257
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow. Most apps will crash and some may perform incorrect buffer allocations in t...
CVE-2026-10658
CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Corrected the incorrect validation of the next buffer length in smb2setea. There are multiple smb2eainfo buffers in the FILEFULLEAINFORMATION request from the client. ksmbd uses the NextEntryOffset of the current...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fixed the issue where no check was performed on the length of skb in hciacldatapacket. This fix ensures that it actually checks whether skb indeed contains an ACL header; otherwise, the code might attempt to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: qrtr: Fixed a bug related to access to the uninit variable in qrtrtxresume. Syzbot reported the following bugs: ===================================================== BUG: KMSAN: uninit-value in qrtrtxresume+0x185/0x1f0...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a potential out-of-bounds write issue in getfileallinfo for compound requests. When a compound request consists of QUERYDIRECTORY + QUERYINFO FILEALLINFORMATION, and the first command consumes nearly the entire...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. For the same reasons described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”, ath9khtcrxmsg should validate the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates buffer length during parsing of index The indxread function is called when there are certain NTFS directory operations that require more information from the index buffers. This adds a sanity check to ensur...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the BPF code, ensure that skb-len != 0 when redirecting a packet to a tunneling device. The syzkaller function managed to trigger another case where skb-len == 0 when entering devqueuexmit. WARNING: CPU: 0, PID: 2470; Location...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fixed the handling of the “quote” buffer length controlled by the host. The host-controlled value quotebuf-outlen is validated to determine how many bytes of the quote are copied to the guest userspace. In TDX...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: A use-after-free issue was addressed in emacmactxbufsend. In emacmactxbufsend, it calls emactxfilltpd.., skb,... If an error occurs in emactxfilltpd, the skb will be freed via devkfreeskbskb in the error branch...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fixed a 1-byte out-of-bounds read in uvcparseformat. The check for the buffer length before calling uvcparseformat only ensured that the buffer contained at least 3 bytes buflen 2. However, the function accesses...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Check the length of skb for an unknown CC opcode. In hcicmdCompleteevt, if the command completion event has an unknown opcode, we assume that the first byte of skb-data contains the return status. However, th...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the htundoimpl function. An attacker can cause a crash and potentially leak adjacent heap memory by supplying a crafted EXR file with mismatched channel width and buffer length. Remediation Upgrade openexr...
GHSA-Q6M5-F73J-M9MC Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds No workarounds. Do not use these impacted Electron releases Fixed Versions 42.3.3 For more information If you have any questions or...
NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow
NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...