Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed the issue with btnxpuartclose. Fixed the scheduling issue during the atomic operation in btnxpuartclose. Properly purged the transmit queue and freed the receiveskb. 10.973809 BUG: Scheduling during...

Astra Linux - уязвимость в uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryEngine in UriQuery.c has an integer overflow due to long keys or values, resulting in a buffer overflow...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcicore: Fixed possible buffer overflow issues. The struct hcidevinfo structure has a name8 field with a fixed size. In cases where hdev-name is larger than this size, strcpy would attempt to write beyond its size...

Astra Linux - уязвимость в qemu

Integer overflows and buffer overflows were identified in the ACPI Error Record Serialization Table ERST device of QEMU, within the readerstrecord and writeerstrecord functions. Both issues may allow the guest to exceed the host buffer allocated for the ERST memory device. A malicious guest could...

Astra Linux - уязвимость в open-iscsi

A issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data. It...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which the character is to be inserted is large, the position will overflow, resulting in a buffer underwrite...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...

Astra Linux - уязвимость в linux, linux-5.10

A flaw was discovered in the sctpmakestrresetreq function within the net/sctp/smmakechunk.c file, located in the SCTP network protocol in the Linux kernel. This flaw involves attempting to use more buffer space than is allocated, which triggers a BUGON issue, resulting in a denial of service DOS...

Astra Linux - уязвимость в linux, linux-5.10

It was discovered that there was a lack of CPU resources in the Linux kernel tracing module functionality in versions prior to 5.14-rc3. This issue occurred due to the way users utilize the trace ring buffer. Only privileged local users with the CAPSYSADMIN capability could exploit this flaw to...

Astra Linux - уязвимость в htmldoc

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hdstrlcpy function in string.c when called from rendercontents in ps-pdf.cxx via a crafted HTML document...

Astra Linux - уязвимость в zabbix

The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.4. In the file fs/ksmbd/smb2pdu.c of ksmbd, there is a flaw where the UserName value is not properly checked. This occurs because the address of the security buffer is not taken into consideration, resulting in a out-of-bounds read...

Astra Linux - уязвимость в c-ares

C-ares is an asynchronous resolver library. The aresinetnetpton function is vulnerable to a buffer underflow for certain IPv6 addresses. In particular, the address “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes, and an administrat...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putweightedpredavg16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...

Astra Linux - уязвимость в imagemagick

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow vulnerabilities...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: gve: Fixed incorrect buffer cleanup in gvetxcleanpendingpackets for QPL. In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates a certain number of times and attempts to unmap entrie...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fixed a potential memory leak in bcmaspxmit. The bcmaspxmit function returns NETDEVTXOK without freeing the skb object in case of mapping failures. Add devkfreeskb to address this issue...

Astra Linux - уязвимость в python2.7

In Python 3.x through 3.9.1, there is a buffer overflow issue in the PyCArgrepr function within ctypes/callproc.c. This issue may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input. This was demonstrated by the use of the argument...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Reworked the handling of scratch space for READPLUS again I discovered that the read code might send multiple requests using the same nfspgioheader. However, the nfs4procreadsetup function is only called once. As a resul...

Astra Linux - уязвимость в ghostscript

A heap-based buffer overwrite vulnerability was discovered in the lp8000printpage function of GhostScript, located in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a specially crafted PDF file, triggering a heap buffer overflow that could lead to memory corruption...