Astra Linux - уязвимость в fly-wm

The vulnerability of the fly-wm window graphical manager is related to reading data beyond the allowable buffer limit. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validating UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified to ensure that their sizes match the declared lengths, and that they fit within the allocated buffer sizes as well...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: Fixed the TOCTOU race condition in raininterrupt. In the interrupt handler raininterrupt, the check for buffer fullness on rain-buflen is performed before acquiring rain-buflock. This creates a Time-of-Chec...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in glib. Missing validation of the offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length calculations. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy,...

Astra Linux - уязвимость в xorg-server, xwayland

A buffer overflow vulnerability was discovered in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and will copy the data regardless of the siz...

Astra Linux - уязвимость в memcached

A buffer overflow vulnerability in the authfile.c memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/net: Committing partial buffers during retries The ringed-provided buffers may only be valid within the single execution context in which they were acquired. iouring handles this by invalidating such buffers during retrie...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, there is a Global-Buffer-Overflow in the ncrushdecompress function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a...

Astra Linux - уязвимость в zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbxjsonopen...

Astra Linux - уязвимость в xorg-server

A vulnerability classified as critical was discovered in X.org Server. The vulnerability affects the GetCountedString function in the xkb/xkb.c file. This vulnerability can lead to a buffer overflow. It is recommended that you apply a patch to address this issue. The identifier associated with th...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the x86 KVM subsystem of the Linux kernel before version 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...

Astra Linux - уязвимость в php7.3

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdomysql extension with the mysqlnd driver is used, if the third-party provider is allowed to provide the host and the connection password, an excessively long password can trigger a buffer overflow in PHP,...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login interface for accessing remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow in the xrdpmmchandatain function. There are no known solutions to this issue. Users...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.14 contains a heap buffer overflow vulnerability in the derivespatiallumavectorprediction function at motion.cc...

Astra Linux - уязвимость в flac

A buffer overflow vulnerability exists in the function bitwritergrow in FLAC before version 1.4.0, allowing remote attackers to execute arbitrary code through crafted inputs to the encoder...

Astra Linux - уязвимость в libraw

A flaw was discovered in LibRaw. A heap-buffer-overflow in the raw2imageex function, caused by a maliciously crafted file, may lead to an application crash...

Astra Linux - уязвимость в tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the extractContigSamplesBytes function at /libtiff/tools/tiffcrop.c:3215...

Astra Linux - уязвимость в qemu

A heap buffer overflow was discovered in the floppy disk emulator of QEMU up to version 6.0.0 inclusive. This issue could occur in the fdctrltransferhandler function in the hw/block/fdc.c file, during the processing of DMA read data transfers from the floppy drive to the guest system. A privilege...

Astra Linux - уязвимость в exiv2

In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel before version 5.19.16. Attackers who were able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfoupdate function in the net/mac80211/scan.c file...