CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Heap-based Buffer Overflow
libzephyr.so is vulnerable to a Heap-based Buffer Overflow. The vulnerability is due to inadequate validation of buffer lengths in BLE connection update operations, which could lead to a divide by zero condition...
CVE-2024-6135
BT:Classic: Multiple missing buf length checks...
CVE-2024-6135 BT:Classic: Multiple missing buf length checks
BT:Classic: Multiple missing buf length checks...
CVE-2024-6135
CVE-2024-6135 relates to Zephyr RTOS (BT Classic) where the protocol handling lacks several buffer length checks, enabling a heap-based buffer overflow. Connected sources describe inadequate validation of buffer lengths in BLE/connection update flows and multiple missing length checks in the BT C...
CVE-2024-6258
BT: Missing length checks of net_buf in rfcomm_handle_data...
Zephyr Security Vulnerability
Zephyr is an extensible real-time operating system (RTOS), open-sourced by the Zephyr project. A security vulnerability exists in Zephyr version 3.6 and prior versions, which stems from a lack of checking the length of net_buf when processing data for the RFCOMM protocol, which could lead to a heap-based buffer...
PT-2024-37410 · Unknown · Bt Classic
Name of the Vulnerable Software and Affected Versions: BT:Classic (affected versions not specified). Description: The issue concerns multiple missing buffer length checks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-worl...
DEBIAN-CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...
UBUNTU-CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...
ALPINE-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...
UBUNTU-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...
kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB. The Linux kernel CVE team has assigned CVE-2024-35938 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35938-0100@gregkh/T...
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
UBUNTU-CVE-2024-38621
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video(). The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the af_netlink component's lack of a length check on skb...
CVE-2024-31956
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write...
CVE-2024-31956
CVE-2024-31956 affects Samsung Mobile Processor Exynos 2200, Exynos 1480, and Exynos 2400. The issue is improper buffer length checking that can cause an Out-of-Bounds Write in these components. Public technical details in connected documents identify the affected products and the root cause (buf...
SAMSUNG Mobile Processor Security Vulnerability
SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor that stems from a lack of proper buffer length checking, which could result in out-of-bounds writes...