Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid potential buffer over-reading in parseapplysbmountoptions. Unlike other strings in the ext4 superblock, we rely on tune2fs to ensure that smountopts is terminated with NUL. Harden parseapplysbmountoptions by treating...

Astra Linux - уязвимость в ruby2.5

There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...

Astra Linux - уязвимость в vim

Buffer over-reading in the GitHub repository vim/vim before version 8.2...

Astra Linux - уязвимость в libsdl1.2, libsdl2, sdl-image1.2

In SDL Simple DirectMediaLayer, versions from 1.2.15 up to 2.x, and then from 2.0.9 onwards, there is a heap-based buffer over-read issue in the BlitNtoN function within the video/SDLblitN.c file, when it is called from the SDLSoftBlit function in the video/SDLblit.c file...

Astra Linux - уязвимость в vim

Buffer over-reading in the findnextquote function in the GitHub repository’s Vim/Vim version prior to 8.2.4925. These vulnerabilities can cause software to crash, modify memory, and may lead to remote execution...

Astra Linux - уязвимость в ruby2.5

A buffer-overread issue was discovered in StringIO 3.0.1, which is available in Ruby 3.0.x through 3.0.6, and in Ruby 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Do not read beyond the mfuart notification. In the event that the firmware sends a notification claiming to have more data than it actually does, we will read beyond the allocated space for the notification...

Astra Linux - уязвимость в vim

“Buffer over-reading” in the grabfilename function in the GitHub repository’s Vim/Vim version prior to 8.2.4956. This vulnerability could cause the software to crash, lead to memory modifications, and may allow for remote execution...

Astra Linux - уязвимость в php7.3, php8.1

In PHP versions 8.1. before 8.1.31, and 8.2. before 8.2.26, as well as 8.3. before 8.3.14, a bug in the convert.quoted-printable-decode filter can cause certain data to be read as one byte too much. This can, under certain circumstances, lead to crashes or reveal content from other memory areas...

Astra Linux - уязвимость в qt4-x11

A issue was discovered in Qt between versions 5.12.9, 5.13.x, and 5.15.x up to 5.15.1. The readxbmbody function in gui/image/qxbmhandler.cpp has a buffer over-read issue...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been discovered in the parseds64 function within gstwavparse.c. The parseds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, resulting...

Astra Linux - уязвимость в pillow

In the path.c file of Pillow, before version 9.0.0, there was an issue where the pathgetbbox function had a buffer over-reading during the initialization of ImagePath.Path...

Astra Linux - уязвимость в squid

Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. Due to a Buffer Overread bug, Squid is vulnerable to a Denial of Service attack targeting the Squid HTTP message processing mechanism. This bug has been fixed in Squid version 6.5. Users are advised to...

Astra Linux - уязвимость в libslirp

In ncsi.c within libslirp up to 4.3.1, there is an issue of buffer over-reading. This occurs because the program attempts to read a certain amount of header data, even when that amount exceeds the total packet length...

Astra Linux - уязвимость в hdf5

A issue was discovered in HDF5 through version 1.12.0. There is a heap-based buffer over-read in the function H5Olayoutdecode, located in H5Olayout.c. This allows an attacker to cause a Denial of Service attack...

Astra Linux - уязвимость в libsoup2.4

A flaw was discovered in libsoup. The libsoup appendparamquoted function may contain an overflow bug, which can lead to a buffer under-read...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDLLoadWAVRW in the audio/SDLwave.c file, there is an issue of buffer over-reading for versions from 1.2.15 up to 2.x, and further up to 2.0.9...

Astra Linux - уязвимость в aspell

The libaspell.a file in GNU Aspell before version 0.60.8 has a buffer overflow issue for strings that end with a single '\0' byte. This issue occurs when the encoding is set to ucs-2 or ucs-4 outside of the application, as indicated by the ASPELLCONF environment variable...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes – Fix for buffer overreading in CTR mode When processing the last block, the s390 CTR code will always read a whole block, even if there is no data left in that block. This issue is fixed by using the actual...

Astra Linux - уязвимость в libsdl1.2, libsdl2

The SDL Simple DirectMediaLayer versions from 1.2.15 up to 2.x, and from 2.0.9 up to 2.0.9, have a buffer over-reading issue in the IMAADPCMnibble function in the audio/SDLwave.c file...