The vulnerability of the MPLS Operation, Administration, and Maintenance (OAM) function of the Cisco NX-OS operating system allows a attacker to cause maintenance failures.

The vulnerability of the MPLS Operation, Administration, and Maintenance OAM function in the Cisco NX-OS operating system is related to the lack of checks on buffer length and reading beyond the memory boundary. Exploiting this vulnerability can allow a malicious actor to cause service...

CVE-2021-3581

Buffer Access with Incorrect Length Value in zephyr. Zephyr versions = =2.5.0 contain Buffer Access with Incorrect Length Value CWE-805. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5...

PT-2021-21063 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr versions 2.5.0 and later Description: The issue is related to Buffer Access with Incorrect Length Value in Zephyr, which is described as CWE-805. This problem affects Zephyr versions 2.5.0 and later. Recommendations: For Zephyr version...

多款Qualcomm产品缓冲区错误漏洞

Qualcomm chips are chips from Qualcomm, Inc. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. Several Qualcomm Snapdragon products are vulnerable to a buffer overflow. The vulnerability...

`DecimalArray` does not perform bound checks on accessing values and offsets

DecimalArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the length of the backing buffer is not a multiple of 16...

CVE-2021-1930

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

Out-of-bounds

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2021-1930

CVE-2021-1930 describes a buffer-length validation bug in Qualcomm Snapdragon components (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, and Mobile) that can cause an out-of-bounds read. The root cause is incorrect validation of the incoming buffer length, leading to potent...

CVE-2021-1930

Possible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

GHSA-W7J2-35MF-95P7 Incorrect check on buffer length in rand_core

An issue was discovered in the randcore crate before 0.6.2 for Rust. Because readu32into and readu64into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn't apply to earlier minor...

Incorrect check on buffer length in rand_core

An issue was discovered in the randcore crate before 0.6.2 for Rust. Because readu32into and readu64into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn't apply to earlier minor...

CVE-2021-21827

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4 data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior

...

DEBIAN-CVE-2021-38160

In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; th...

AZL-6580 CVE-2021-38160 affecting package kernel for versions less than 5.10.78.1-1

In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; th...

UBUNTU-CVE-2021-38160

In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; th...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the Linux kernel driver char virtio console.c. Data corruption or loss may be triggered by an untrusted...

Qualcomm多款产品 缓冲区错误漏洞

The Qualcomm Snapdragon SOC Snapdragon Processor is a chip from Qualcomm Incorporated that is used in mobile devices to process information. A buffer error vulnerability exists in multiple Qualcomm products that stems from incorrect validation of incoming buffer lengths, which could result in...

Buffer overflow

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2021-34374

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. This vulnerability can cause memory corruption, which may lead to information disclosure, escalation of privileges, and denial of service...