1658 matches found
SUSE CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CLSA-2026-1779369849 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...
CLSA-2026-1779369649 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...
CLSA-2026-1779369622 rsync: Fix of CVE-2026-43618
CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...
CLSA-2026-1779369352 Fix CVE(s): CVE-2026-43618
SECURITY UPDATE: integer overflow in compressed-token decoder - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecvtoken literal chunks to prevent remote memory disclosure via crafted compressed stream - CVE-2026-43618...
CLSA-2026-1779368965 Fix CVE(s): CVE-2026-43618
SECURITY UPDATE: integer overflow in compressed-token decoder - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and reject over-long simplerecvtoken literal chunks to prevent remote memory disclosure via crafted compressed stream - CVE-2026-43618...
Security update for cpp-httplib (important)
openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0174-1 Rating: important References: 1255835 1256518 1259220 1259221 1259373 Cross-References: CVE-2026-21428 CVE-2026-22776 CVE-2026-28434 CVE-2026-28435 CVE-2026-29076 CVSS scores: CVE-2026-21428 SUSE: 8...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid potential deadlocks. The function f2fstrylockop was used in f2fswritecompressedpages to prevent potential deadlocks, just as we did in f2fswritesingledatapage...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not double-complete the bio on errors during compressed reads I encountered some strange panics while fixing the error handling in btrfslookupbiosums. It turns out that the compression process will complete the bio we u...
Astra Linux – Vulnerability in FontForge
Splinefont in FontForge, with a version number of 20230101, allows for command injection through crafted archives or compressed files...
Astra Linux – Vulnerability in unbound
Before version 1.9.5, Unbound allowed an infinite loop through a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...
Astra Linux – Vulnerability in busybox
The decompressgunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huftbuild result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...
Astra Linux – Vulnerability in unbound
Before version 1.9.5, Unbound allowed assertion failures due to a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the compressed-token decoder process. An attacker can access sensitive memory contents, including environment variables, passwords, heap and stack data, and library memory pointers, by sending speciall...
DEBIAN-CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
ALPINE-CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CVE-2026-43618
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...
EUVD-2026-31011
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...