Lucene search
K

81 matches found

NVD
NVD
added 2026/06/29 11:16 p.m.12 views

CVE-2026-10648

mcumgrserialprocessfrag in subsys/mgmt/mcumgr/transport/src/serialutil.c calls netbufreset on the result of smppacketalloc before checking it for NULL. smppacketalloc uses netbufallocKNOWAIT against the shared MCUmgr packet pool CONFIGMCUMGRTRANSPORTNETBUFCOUNT, default 4, which returns NULL when...

6.2CVSS0.00109EPSS
Exploits1References2
CVE
CVE
added 2026/06/29 10:51 p.m.19 views

CVE-2026-10648

CVE-2026-10648 affects Zephyr’s MCUmgr serial/console SMP transport paths. The bug occurs in mcumgr_serial_process_frag() where net_buf_reset() is invoked on the result of smp_packet_alloc() before checking NULL. smp_packet_alloc() draws from the shared MCUmgr packet pool (default 4 entries) via ...

6.2CVSS6AI score0.00109EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53755

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An issue exists where the mcumgr serial process frag function in subsys/mgmt/mcumgr/transport/src/serial util.c calls net buf reset on the result of smp packet alloc without first verifying if the result is NUL...

6.2CVSS5.9AI score0.00109EPSS
Exploits1References6
CVE
CVE
added 2026/06/25 4:27 p.m.15 views

CVE-2026-13351

Zephyr’s IPv6 network stack is vulnerable to a denial-of-service caused by fragmented IPv6 packets. In the fragment-header processing path, the RX network packet buffer allocated from a memory slab is not released back to the pool after handling malicious fragments. Repeating such packets exhaust...

7.5CVSS6AI score0.00278EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:1 a.m.8 views

Security Bulletin: There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-35554)

Summary There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be...

8.7CVSS6AI score0.00328EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Wayland

An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...

6.6CVSS6.9AI score0.00297EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.8 views

Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management

A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs when a message batch expires while its network request is still active, leading to premature buffer...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.7 views

SUSE CVE-2026-35554

A race condition in the Apache Kafka Java producer client's buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch's ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/20 2:24 p.m.6 views

CVE-2026-35554

A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs when a message batch expires while its network request is still active, leading to premature buffer...

8.7CVSS5.6AI score0.00328EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 12:58 p.m.6 views

JLSEC-2026-97

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

6.6CVSS7AI score0.00297EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 3:30 p.m.11 views

EUVD-2026-19631

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 3:30 p.m.9 views

GHSA-5QCV-4RPC-JP93 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.9 views

Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2026/04/07 2:16 p.m.37 views

CVE-2026-35554

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS0.00328EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 1:7 p.m.1 views

CVE-2026-35554

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/07 1:7 p.m.51 views

CVE-2026-35554

Summary of CVE-2026-35554 : A race condition in the Apache Kafka Java producer client’s buffer pool management can cause message corruption and misrouting. When a produce batch expires due to delivery timeout while its network request is in flight, the batch ByteBuffer may be deallocated early an...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 1:7 p.m.3 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

6.1AI score0.00328EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 1:7 p.m.23 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30827

Name of the Vulnerable Software and Affected Versions Apache Kafka versions 3.9.1 and earlier, 4.0.1 and earlier, and 4.1.1 and earlier Description A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References81
Rows per page
Query Builder