313186 matches found
Astra Linux - уязвимость в vim
“Buffer over-reading” in the grabfilename function in the GitHub repository’s Vim/Vim version prior to 8.2.4956. This vulnerability could cause the software to crash, lead to memory modifications, and may allow for remote execution...
Astra Linux - уязвимость в ruby2.5
A buffer-overread issue was discovered in StringIO 3.0.1, which is available in Ruby 3.0.x through 3.0.6, and in Ruby 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: The can: hi311x module has corrected the ndochangemtu function to prevent buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Do not issue ATS Invalidation requests when the device is disconnected. For those endpoint devices connected to the system via hot-plug-capable ports, users can request a hot reset of the device by setting the link...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in the function configinput in libavfilter/vfgblur.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mxser: fixed the xmitbuf leak in activate when LSR == 0xff. When LSR is 0xff during the call to -activate, we return an error. It’s important to note that the -shutdown function is not called when -activate fails. In this case,...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: ti: icssg-prueth: Fix missing data copying and incorrect recycling in ZC RX dispatch. emacdispatchskbzc allocates a new skb using napiallocskb, but never copies the packet data from the XDP buffer into it. The skb is pass...
Astra Linux - уязвимость в openssl
To decrypt SM2 encrypted data, an application is expected to call the API function EVPPKEYdecrypt. Typically, an application will call this function twice. The first time, upon entry, the “out” parameter can be NULL, and upon exit, the “outlen” parameter contains the buffer size required to hold...
Astra Linux - уязвимость в libwebp
A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the GetLE16 function...
Astra Linux - уязвимость в ghostscript
Artifex Ghostscript version 10.05.1 has a stack-based buffer overflow issue in the pdfwritecmap function, located in the device/vector/gdevpdtw.c file...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsumountallreply...
Astra Linux - уязвимость в python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions, Cipher.updateinto would accept Python objects that implement the buffer protocol, but only provide immutable buffers. This would allow immutable objects such as bytes to b...
Astra Linux - уязвимость в linux-5.10, linux
A flaw was discovered in the Linux kernel’s networking code. A use-after-free occurred in the way the schsfb enqueue function utilized the socket buffer SKB cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to cause a system...
Astra Linux - уязвимость в vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2.4436...
Astra Linux - уязвимость в tiff
A heap-based buffer overflow flaw was discovered in libtiff, particularly in the handling of TIFF images using libtiff’s TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and...
Astra Linux - уязвимость в redis
Redis is an open-source, in-memory database that persists data on disk. In versions starting from 2.6 and prior to 7.4.3, an unauthenticated client can cause the output buffer to grow indefinitely, until the server runs out of memory or is terminated. By default, Redis’s configuration does not...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Ethernet: Aeroflex: fixed a potential skb leak in grethinitrings The grethinitrings function does not free the newly allocated skb when dmamappingerror returns an error. Therefore, devkfreeskb was added to fix this issue. This ha...
Astra Linux - уязвимость в tpm2-tss
tpm2-tss is an open-source software implementation of the Trusted Computing Group’s Trusted Platform Module 2 Software Stack TSS2. In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, functions Tss2RCSetHandler and Tss2RCDecode both indexed into layerhandler using an 8-bit layer number. However,...
Astra Linux - уязвимость в grub2
Integer underflow in grubnetrecvip4packets; A malicious IP packet can cause an integer underflow in the grubnetrecvip4packets function, affecting the rsm-totallen value. Under certain circumstances, the totallen value may wrap around to a small integer number, which will be used in memory...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cifs: A buffer overflow issue was addressed when parsing NFS reparse points. ReparseDataLength is the sum of the InodeType size and the DataBuffer size. To obtain the DataBuffer size, it is necessary to subtract the InodeType siz...