91 matches found
CVE-2026-53224
In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...
UBUNTU-CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53246 sctp: validate cached peer INIT chunk length in COOKIE_ECHO processing
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53224
The vulnerability CVE-2026-53224 affects the Linux kernel SCTP implementation. The issue arises from insufficient validation of embedded INIT chunks and address list lengths in cookies: sctp_unpack_cookie() may accept a truncated INIT chunk, and the subsequent sctp_process_init() could read INIT ...
DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...
SUSE-SU-2026:1716-1 Security update for libpng12
This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. Security issues : - CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash bsc1141493. - CVE-2026-33416: use-after-free via pointer aliasing in...
MiracleLinux 7 : libpng-1.5.13-8.el7 (AXSA:2020-552:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-552:01 advisory. libpng: does not check length of chunks against user limit CVE-2017-12652 CVE-2017-12652 libpng before 1.6.32 does not properly check the length of chunks...
EUVD-2011-1574
Malware in sbrugna...
EUVD-2017-4191
Malware in sbrugna...
EUVD-2021-2029
Malware in sbrugna...
EUVD-2023-1867
Malicious code in bioql PyPI...
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
...
Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data
Summary Snappy-java is vulnerable to a denial of service, caused by either an integer overflow, use of an unchecked chunk length or missing upper bound check on chunk length. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a deni...
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service DoS...
CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
UBUNTU-CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
CVE-2024-26616 btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
CVE-2024-26616 btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
PT-2024-3787 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: The vulnerability is related to a use-after-free issue in the btrfs file system when the chunk length is not 64K aligned. This can lead to various problems, including "unable to fi...
snappy-java: Unchecked chunk length leads to DoS
A flaw was found in Snappy-java's fileSnappyInputStream hasNextChunk function, which does not sufficiently evaluate input bytes before beginning operations. This issue could allow an attacker to send malicious input to trigger an out of memory error that crashes the program, resulting in a denial...