Astra Linux - уязвимость в libcaca

A flaw was discovered in libcaca v0.99.beta19. A buffer overflow issue in the cacaresize function in libcaca/caca/canvas.c may allow for the execution of arbitrary code in the user context...

Astra Linux - уязвимость в binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the function findsectioninset in the file readelf.c...

Astra Linux - уязвимость в glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary...

Astra Linux - уязвимость в apr-util

An integer overflow or wrap-around vulnerability in the aprbase64 functions of the Apache Portable Runtime Utility APR-util allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util version 1.6.1 and earlier...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net:mctp: taking ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of the skb when it succeeds. In some cases where mctplocaloutput fails, we might leak the skb. Ownership of the skb is not...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core from accessing an invalid event buffer address This commit addresses a issue where the USB core might access an invalid event buffer address during runtime suspension, potentially causing SMMU...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: kdb: Buffer overflow issue during tab-complete has been fixed. Currently, when a user attempts symbol completion using the Tab key, kdb uses strncpy to insert the completed symbol into the command buffer. Unfortunately, it passes...

Astra Linux - уязвимость в vim

Heap-based Buffer Overflow in the GitHub repository vim/vim before version 9.0.0220...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fixed the handling of the host-controlled quote buffer length. The host-controlled value quotebuf-outlen is validated to determine how many bytes of the quote are copied to the guest userspace. In TDX environment...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when bufferlimit is set to bufferlimit. The following setup can trigger a warning in htbactivate due to the condition: !cl-leaf.q-q.qlen. Example command: bash tc qdisc del dev lo root...

Astra Linux - уязвимость в libxml2

In libxml2 versions before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2’s...

Astra Linux - уязвимость в glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

Astra Linux - уязвимость в glibc

The iconv feature in the GNU C Library also known as glibc or libc6, up to version 2.32, may have a buffer over-read issue when processing invalid multi-byte input sequences in the EUC-KR encoding...

Astra Linux - уязвимость в atftp

In tftpdfile.c in atftp up to 0.7.4, there is a buffer overflow issue due to improper handling of buffer-size parameters, which does not correctly account for combinations of data, OACK, and other options...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: This vulnerability prevents a wraparound in the schema length during the trace fill operation. The ioam6fillTraceData function stores the schema contribution to the trace length in an u8 type variable. When bit 2...

Astra Linux - уязвимость в tiff

A buffer overflow in LibTiff v4.0.10 allows attackers to cause a denial of service through the “TIFFVGetField” function in the component ‘libtiff/tifdir.c’...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: A memory leak has been fixed in error handling paths. If the vmbusestablishgpadl function fails, the recv|sendgpadl functions will not be updated, and the hvuiocleanup function in the error handling path will not be...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...

Astra Linux – Vulnerability in libde265

The Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service through the slicesegmentheader function in the slice.cc component...