Astra Linux - уязвимость в zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbxjsonopen...

Astra Linux - уязвимость в xorg-server

A vulnerability classified as critical was discovered in X.org Server. The vulnerability affects the GetCountedString function in the xkb/xkb.c file. This vulnerability can lead to a buffer overflow. It is recommended that you apply a patch to address this issue. The identifier associated with th...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the x86 KVM subsystem of the Linux kernel before version 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVMVCPUPREEMPTED situations...

Astra Linux - уязвимость в php7.3

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdomysql extension with the mysqlnd driver is used, if the third-party provider is allowed to provide the host and the connection password, an excessively long password can trigger a buffer overflow in PHP,...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login interface for accessing remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow in the xrdpmmchandatain function. There are no known solutions to this issue. Users...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.14 contains a heap buffer overflow vulnerability in the derivespatiallumavectorprediction function at motion.cc...

Astra Linux - уязвимость в flac

A buffer overflow vulnerability exists in the function bitwritergrow in FLAC before version 1.4.0, allowing remote attackers to execute arbitrary code through crafted inputs to the encoder...

Astra Linux - уязвимость в libraw

A flaw was discovered in LibRaw. A heap-buffer-overflow in the raw2imageex function, caused by a maliciously crafted file, may lead to an application crash...

Astra Linux - уязвимость в tiff

Libtiff 4.5.0 is vulnerable to a Buffer Overflow issue through the extractContigSamplesBytes function at /libtiff/tools/tiffcrop.c:3215...

Astra Linux - уязвимость в qemu

A heap buffer overflow was discovered in the floppy disk emulator of QEMU up to version 6.0.0 inclusive. This issue could occur in the fdctrltransferhandler function in the hw/block/fdc.c file, during the processing of DMA read data transfers from the floppy drive to the guest system. A privilege...

Astra Linux - уязвимость в exiv2

In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...

Astra Linux - уязвимость в linux, linux-5.10

A issue was discovered in the Linux kernel before version 5.19.16. Attackers who were able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfoupdate function in the net/mac80211/scan.c file...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in include/asm-generic/tlb.h in the Linux kernel before version 5.19. Due to a race condition between unmapmappingrange and munmap, a device driver can free a page while it still has stale TLB entries. This only occurs in situations involving VMPFNMAP VMAs...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fixed a 1-byte out-of-bounds read in uvcparseformat. The check for the buffer length before calling uvcparseformat only ensured that the buffer contained at least 3 bytes buflen 2. However, the function accesses...

Astra Linux - уязвимость в liblouis

A buffer overflow vulnerability has been discovered in Liblouis v.3.24.0. This vulnerability allows a remote attacker to cause a denial of service through the loulogFile function at the logginc.c endpoint...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap the dmamapsg tracepoint arrays to prevent buffer overflows. The dmamapsg tracepoint can cause a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu that create large DRM...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nftseteleminit could be exploited by a local attacker to escalate privileges. This is a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an unprivileged...

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the core path resolution function allocates a buffer that is one byte too small. When resolving paths with lengths close to the system’s MAXPATHLEN setting, this may result in the byte after the allocated buffer being...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf, cpumap: Handle skb as well when cleaning up ptrring. The following warning was reported when running xdpredirectcpu with both skbmode and stressmode enabled: ------------ Cut here ------------ Incorrect XDP memory type...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fixed the nullptrderef bug in the buf prepare and finish steps. When the driver calls tw68riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in an empty buffer buf-cpu. Late...