CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

EUVD-2026-26915

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

CVE-2026-7735 osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

CVE-2026-7734 osrg GoBGP SRv6 L3 Service prefix_sid.go SRv6L3ServiceAttribute.DecodeFromBytes denial of service

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

CVE-2026-7734 osrg GoBGP SRv6 L3 Service prefix_sid.go SRv6L3ServiceAttribute.DecodeFromBytes denial of service

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

EUVD-2026-26914

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

CVE-2026-7734

The CVE-2026-7734 affects osrg GoBGP up to 4.3.0, specifically the SRv6 L3 Service component’s DecodeFromBytes function in pkg/packet/bgp/prefix_sid.go. The issue allows remote manipulation of input data to trigger a denial of service. A fix is available in GoBGP v4.4.0, with the patch identified...

Exploit for CVE-2025-60751

CVE-2025-60751: GeographicLib Stack-based Buffer Overflow 📌...

GoBGP 缓冲区错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained a buffer error vulnerability. This vulnerability stems from a buffer overflow in the function PathAttributeAigp.DecodeFromBytes within the AIGP Attribute Parser...

PT-2026-36763

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes function located in the pkg/packet/bgp/prefix sid.go file,...

Linux Distros Unpatched Vulnerability : CVE-2026-43861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mutt before 2.3.2 does not check for '\0' in urlpctdecode. CVE-2026-43861 Note that Nessus relies on the presence of the package as reported by the vendor...

RHCOS 4 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

Astra Linux – Vulnerability in libstb

It was discovered that STB v2.27 contains an integer shift of invalid size in the component stbijpegdecodeblockprogac...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipvti: A potential issue related to slab-use-after-free has been fixed in decodesession6. When the ipvti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...

Astra Linux – Vulnerability in exiv2

In Exiv2 0.26, the Exiv2::IptcParser::decode function in iptc.cpp called from psdimage.cpp in the PSD image reader may experience a denial of service attack due to a heap-based buffer overread, caused by an integer overflow occurring through a specially crafted PSD image file...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

Astra Linux – Vulnerability in DjVuLibre

A out-of-bounds write vulnerability was discovered in DjVuLibre, specifically in the function DjVU::DjVuTXT::decode in DjVuText.cpp. A crafted DjVU file can trigger this issue, leading to a crash or segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...