9 matches found
CVE-2026-43178
In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...
BIT-LIBPHP-2023-0568 Array overrun in common path resolve code
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...
Mozilla: Symlinks may resolve to smaller than expected buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected...
Mozilla: Symlinks may resolve to smaller than expected buffers
The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink, a race may occur where the buffer passed to readlink may actually be smaller than necessary. This bug only affects Firefox on Unix-based operating systems Android, Linux, MacOS. Windows is unaffected...
UBUNTU-CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
CVE-2019-9210
In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...
CVE-2019-9210
In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...
CVE-2019-9210
In AdvanceCOMP 2.1, pngcompress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. There is also a heap-based buffer over-read...
UBUNTU-CVE-2017-9445
In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...