CVE-2024-26817

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow...

CVE-2024-26817 amdkfd: use calloc instead of kzalloc to avoid integer overflow

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow...

CVE-2024-26817

CVE-2024-26817 affects the Linux kernel amdkfd component. The vulnerability arises from using kzalloc with a multiplication that can overflow; the fix replaces kzalloc with calloc to avoid integer overflow. Descriptions in connected Nessus advisories (Unity Linux UTSA advisories) reiterate the sa...

Advisory ROSA-SA-2024-2336

software: hiredis 0.13.3 AXIS: ROSA-CHROME packageevrstring: hiredis-0.13.3-2.src.rpm CVE-ID: CVE-2021-32765 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: In vulnerable versions, Hiredis is vulnerable to integer overflow if provided with maliciously crafted or corrupted RESP mult-bulk protocol data. Whe...

libarchive: NULL pointer dereference in archive_write.c

A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash...

RHEL 8 : libarchive (RHSA-2024:0146)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0146 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

GTKWave LXT2 num_time_table_entries out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1819 GTKWave LXT2 numtimetableentries out-of-bounds write vulnerability January 8, 2024 CVE Number CVE-2023-34436 SUMMARY An out-of-bounds write vulnerability exists in the LXT2 numtimetableentries functionality of GTKWave 3.3.115. A specially crafted .lxt2...

GTKWave VZT vzt_rd_block_vch_decode dict parsing integer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1815 GTKWave VZT vztrdblockvchdecode dict parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38653,CVE-2023-38652 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of...

GTKWave VZT vzt_rd_block_vch_decode times parsing integer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1814 GTKWave VZT vztrdblockvchdecode times parsing integer overflow vulnerabilities January 8, 2024 CVE Number CVE-2023-38651,CVE-2023-38650 SUMMARY Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode times parsing functionality of...

Low: libarchive

Issue Overview: In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution. CVE-2022-36227 Affected...

kernel: dm flakey: don't corrupt the zero page

A flaw was found in the Linux kernel's dm-flakey device mapper target. When the corrupt bio writes option is enabled, dm-flakey can corrupt the kernel's global zero page. Since the zero page is shared system-wide and used by glibc's calloc implementation via mmap, corrupting it causes userspace...

kernel: dm flakey: don't corrupt the zero page

A flaw was found in the Linux kernel's dm-flakey device mapper target. When the corrupt bio writes option is enabled, dm-flakey can corrupt the kernel's global zero page. Since the zero page is shared system-wide and used by glibc's calloc implementation via mmap, corrupting it causes userspace...

Amazon Linux 2 : libarchive (ALAS-2023-2279)

The version of libarchive installed on the remote host is prior to 3.1.2-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2279 advisory. In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer...

GLSA-202309-14 : libarchive: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-14 libarchive: Multiple Vulnerabilities - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a...

Low: libarchive

Issue Overview: In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution. CVE-2022-36227 Affected...

Integer Overflow

klibc is vulnerable to Integer Overflow. The vulnerability occurs due to the multiplication in the calloc function in klibc which could result in heap-based buffer overflow...

EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2023-2154)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the...

EulerOS Virtualization 2.11.0 : libarchive (EulerOS-SA-2023-2097)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL...

Oracle Linux 8 : libarchive (ELSA-2023-3018)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3018 advisory. 3.3.3-5 - Fix for CVE-2022-36227 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

libarchive: NULL pointer dereference in archive_write.c

A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash...