312854 matches found
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the “type” field of the event uses the first available type number which is not currently used by other events. A...
Astra Linux - vulnerability in libde265
Libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited through a specially crafted file...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Error handling was added in xhci_map_urb_for_dma. Currently, xhci_map_urb_for_dma creates a temporary buffer and copies the SG list to the new linear buffer. However, if kzalloc_node fails, the subsequent call to sg_pcopy_to_buffe...
Astra Linux - vulnerability in wireshark
In Wireshark versions 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors might crash. This issue was addressed in epan/asn1.c by properly restricting buffer increments...
Astra Linux - vulnerability in glibc
When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information. This may lead to a buffer overflow if the size of the message string matches the page size...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: The uncached inode fails to enter the group. Syzbot has reported the following BUG: Kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receive_add_recipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length to reset urb before resubmitting it. Syzbot points out that skb_trim has a sanity check on the existing length of the skb; this length might not be initialized in some error-prone situations. The...
Astra Linux - vulnerability in linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fixed an issue where the CMA heap fault handler made a mistake in calculating the boundary. Until the VM_DONTEXPAND flag was added in commit 1c1914d6e8c6 “dma-buf: heaps: Don’t track CMA dma-buf pages under RssFile...
Astra Linux - vulnerability in opensc
A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...
Astra Linux - vulnerability in wayland
An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wl_shm buffer objects, or if it...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Mounting fails due to a buffer overflow in strlen. Starting with kernel 5.11, when building with CONFIG_FORTIFY_SOURCE, mounting an ocfs2 filesystem using either o2cb or pcmk cluster stack fails. The issue seems to be that...
Astra Linux - vulnerability in tiff
A buffer overflow in LibTiff v4.0.10 allows attackers to cause a denial of service through the “TIFFVGetField” function in the component ‘libtiff/tif_dir.c’...
Astra Linux - vulnerability in glibc
The iconv feature in the GNU C Library also known as glibc or libc6, up to version 2.32, may have a buffer over-read issue when processing invalid multi-byte input sequences in the EUC-KR encoding...
Astra Linux - vulnerability in hiredis
Hiredis is a minimalistic C client library for the Redis database. In affected versions, Hiredis can be vulnerable to integer overflow if maliciously crafted or corrupted RESP multi-bulk protocol data is provided. When parsing multi-bulk array-like replies, Hiredis fails to check whether count...
Astra Linux - vulnerability in htmldoc
HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681...
Astra Linux - vulnerability in linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed an out-of-bounds read in snd_usb_get_audio_format_uac3. In snd_usb_get_audio_format_uac3, the length value returned from snd_usb_ctl_msg is used directly for memory allocation without validation. This length is controlle...
Astra Linux - vulnerability in opensc
A vulnerability was discovered in OpenSC. This security flaw causes a buffer overflow vulnerability in the cardos_have_verifyrc_package function. An attacker can provide a smart card package with malformed ASN1 data. The cardos_have_verifyrc_package function scans the ASN1 buffer for two tags, but the...
Astra Linux - vulnerability in libqb
In log_blackbox.c in libqb before version 2.0.8, a buffer overflow can occur due to the use of long log messages, as the size of the log headers is not taken into consideration...