5778 matches found

ATTACKERKB
added 2026/04/09 9:50 p.m. | 0 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 2.1 | AI score 6 | EPSS 0.00046
Exploits 0 | References 2

Debian CVE
added 2026/04/09 9:50 p.m. | 2 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00046
Exploits 0

Vulnrichment
added 2026/04/09 9:50 p.m. | 2 views

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

CVSS 2.1 | AI score 6 | EPSS 0.00046
Exploits 0 | References 1

CVE
added 2026/04/09 9:50 p.m. | 9 views

CVE-2026-5772

The CVE-2026-5772 issue is a 1-byte stack buffer over-read in wolfSSL’s MatchDomainName (src/internal.c) when validating wildcards with LEFT_MOST_WILDCARD_ONLY; if a wildcard exhausts the hostname, one byte past the buffer is read without bounds checking, potentially crashing the process. Evidenc...

CVSS 5.3 | AI score 6 | EPSS 0.00046
Exploits 0 | References 1 | Affected Software 1

NVD
added 2026/04/09 3:16 p.m. | 1 views

CVE-2026-5437

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

CVSS 7.5 | EPSS 0.00057
Exploits 0 | References 3

OSV
added 2026/04/09 3:16 p.m. | 1 views

UBUNTU-CVE-2026-5437

An out-of-bounds read vulnerability exists in DicomStreamReader during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 5

OSV
added 2026/04/09 1:4 p.m. | 1 views

SUSE-SU-2026:21016-1 Security update for util-linux

This update for util-linux fixes the following issues: Security issues: - CVE-2025-14104: heap buffer overread in setpwnam when processing 256-byte usernames bsc1254666. - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. Non security issues: -...

CVSS 6.1 | AI score 7.3 | EPSS 0.00092
Exploits 0 | References 6

OSV
added 2026/04/09 10:43 a.m. | 5 views

CLSA-2026-1775731413 libxml2: Fix of 8 CVEs

CVE-2023-45322: fix use-after-free in xmlStaticCopyNodeList when copying DTDs - CVE-2024-34459: fix buffer over-read in xmlHTMLPrintFileContext in xmllint - CVE-2025-6170: fix potential buffer overflows in xmllint interactive shell - CVE-2025-8732: fix stack overflow from self-referencing SGML...

CVSS 7.5 | AI score 6.8 | EPSS 0.04197
Exploits 1 | References 1

CNNVD
added 2026/04/09 12:0 a.m. | 3 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from an excessive read of the 1-byte stack buffer in the MatchDomainName...

CVSS 5.3 | AI score 5.9 | EPSS 0.00046
Exploits 0 | References 1

CNNVD
added 2026/04/08 12:0 a.m. | 3 views

The Sleuth Kit (TSK) buffer error vulnerability

The Sleuth Kit TSK is a set of data forensics tools developed by Brian Carrier individually. This tool can analyze file systems such as FAT, NTFS, and UFS, and provide detailed information about those file systems. The Sleuth Kit TSK versions 4.14.0 and earlier contained a buffer error...

CVSS 6.1 | AI score 6 | EPSS 0.00013
Exploits 0 | References 5

Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006771 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr...

CVSS 7.8 | AI score 6.6 | EPSS 0.00016
Exploits 0 | References 4

Redos
added 2026/04/08 12:0 a.m. | 2 views

ROS-20260408-73-0005

A vulnerability in the nfs_fh_to_dentry function of the fs/nfs/export.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.8 | AI score 7.2 | EPSS 0.00029
Exploits 0

Redos
added 2026/04/07 12:0 a.m. | 3 views

ROS-20260407-73-0013

A vulnerability in the fs/hfs/bnode.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.1 | AI score 7.1 | EPSS 0.00019
Exploits 0

Redos
added 2026/04/07 12:0 a.m. | 2 views

ROS-20260407-73-0020

A vulnerability in the fs/smb/client/smb2ops.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVSS 7.1 | AI score 7.1 | EPSS 0.00026
Exploits 0

Redos
added 2026/04/07 12:0 a.m. | 1 views

ROS-20260407-73-0012

A vulnerability in the fs/hfsplus/bnode.c component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to gain access to confidential data, violate its integrity, and cause denial of service...

CVSS 7.1 | AI score 7.1 | EPSS 0.00019
Exploits 0

NVD
added 2026/04/06 8:16 p.m. | 1 views

CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser,...

CVSS 5.9 | EPSS 0.00077
Exploits 1 | References 1

Cvelist
added 2026/04/06 7:54 p.m. | 14 views

CVE-2026-35203 ZLMediaKit VP9 RTP Parser Out-of-Bounds Read

ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

CVSS 7.5 | EPSS 0.00077
Exploits 1 | References 2

Vulnrichment
added 2026/04/06 7:54 p.m. | 1 views

CVE-2026-35203 ZLMediaKit VP9 RTP Parser Out-of-Bounds Read

ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits 1 | References 2

Vulnrichment
added 2026/04/06 7:49 p.m. | 2 views

CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser,...

CVSS 5.9 | AI score 6 | EPSS 0.00077
Exploits 1 | References 1

OSV
added 2026/04/06 5:35 p.m. | 1 views

MGASA-2026-0086 Updated freerdp packages fix security vulnerabilities

FreeRDP has a heap-buffer-overflow in audinprocessformats. CVE-2026-22852 FreeRDP has a heap-buffer-overflow in driveprocessirpread. CVE-2026-22854 FreeRDP has a heap-buffer-overflow in smartcardunpacksetattribcall. CVE-2026-22855 FreeRDP has a heap-use-after-free in createirpthread. CVE-2026-228...

CVSS 9.8 | AI score 5.9 | EPSS 0.00251
Exploits 14 | References 6