CVE-2025-43972

CVE-2025-43972 affects GoBGP prior to 3.35.0. The vulnerability is in the flowspec parser within pkg/packet/bgp/bgp.go, where an attacker can trigger a crash by sending fewer than 20 bytes in a specific context. The impact is a crash (potential denial via crash) as described in multiple sources. ...

Stream HTTP wrapper truncates redirect location to 1024 bytes

...

DEBIAN-CVE-2023-52611

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host maxreqsize in the RX path Lukas reports skboverpanic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D G12B SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he observ...

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to denial of service. The library does not properly validate byte limit in the skin length resulting in an overflow, allowing an attacker to crash the application...

GHSA-C6FG-99PR-25M9 Uncapped length of skin data fields submitted by players

Impact Some skin data fields e.g. skinID, geometryName are not capped in length. These fields are typically saved in the NBT data of a player when the player quits the server, or during an autosave. This is problematic due to the 32767 byte limit on TAGStrings. If any of these fields exceeds 3276...

Large Validator Sets/Rapid Validator Set Updates May Freeze the Bridge or Relayers

Handle nascent Vulnerability details In a similar vein to "Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms", a sufficiently large validator set or sufficiently rapid validator update could cause both the ethoraclemainloop and relayermainloop to fall into a state of perpetual errors. In...