pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

CVE-2026-27459

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

pyOpenSSL DTLS cookie callback buffer overflow

If a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected...

GHSA-5PWR-322W-8JR4 pyOpenSSL DTLS cookie callback buffer overflow

If a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected...

CVE-2026-22904

Improper length handling when parsing multiple cookie fields including TRACKID allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution...

CVE-2021-4464

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service 'webs' fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,...

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

CVE-2025-55847

Wavlink M86X3AV240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit this to execute arbitrary code or cause a denial of service D...

Wavlink M86X3A_V240730 安全漏洞

Wavlink M86X3AV240730 is a device firmware from China Ruiyin Wavlink. A security vulnerability exists in Wavlink M86X3AV240730, which originates from a cookie parameter in the /cgi-bin/ExportAllSettings.cgi file that does not correctly validate the length of the input data, which could result in...

PT-2025-39670

Name of the Vulnerable Software and Affected Versions Wavlink M86X3A V240730 affected versions not specified Description The software contains a buffer overflow issue in the /cgi-bin/ExportAllSettings.cgi file. The problem is due to insufficient validation of the length of input data received...

DEBIAN-CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

ALPINE-CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

ntpd-rs 安全漏洞

ntpd-rs is a full-featured implementation of the Network Time Protocol, including NTS support. A security vulnerability exists in ntpd-rs versions 0.3.0 through 0.3.2, which stems from the fact that ntpd-rs does not validate the length of the NTS cookie in NTP packets received from the server,...

Improper handling of NTS cookie length that could crash the ntpd-rs server

Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...

Arteco Web Client DVR/NVR Session Hijacking Vulnerability

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. !/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...