CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

CVE-2026-39461 select(2) file descriptor set overflow causes stack overflow

libcasper3 communicates with helper processes via UNIX domain sockets, and uses the select2 system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select2's descriptor set size limit of FDSETSIZE 1024. An attacker able to cause an...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: IB/hfi1: Fixed the off-by-one error in sdma.h’s tx-numdescs. Unfortunately, the commit fd8958efe877 introduced another error, causing the descs array to overflow. This leads to further crashes that can be easily reproduced usi...

CVE-2026-39959 Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to malicious D-Bus peers. A peer on the same bus can spoof signals by impersonating the owner of a well-known name, exhaust system resources or cause file descriptor spillover by...

EUVD-2026-17111

A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...

CVE-2025-68622

Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class UVC device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC...

Linux Distros Unpatched Vulnerability : CVE-2025-40159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc a...

CVE-2019-5603

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a...

DEBIAN-CVE-2024-26766

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error Unfortunately the commit fd8958efe877 introduced another error causing the descs array to overflow. This reults in further crashes easily reproducible by sendmsg system call...

SUSE CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

STMicroelectronics stm32_mw_usb_host 安全漏洞

Stmicroelectronics stm32mwusbhost is a middleware USB Host MCU component from Stmicroelectronics, Switzerland. A security vulnerability exists in STMicroelectronics stm32mwusbhost, which stems from a buffer overflow vulnerability that could allow an attacker to execute arbitrary code when the...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

CVE-2022-29223 Buffer overflow on HUB descriptor in Azure RTOS USBX

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with bNbPorts set to a value greater than UXMAXTT which defaults to 8. For a bNbPorts value of...

CVE-2019-5603

Removed by vendor...

CVE-2014-10071

In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the "& fd" syntax...

Debian Security Advisory DSA 2628-1 (nss-pam-ldapd - buffer overflow)

Garth Mollett discovered that a file descriptor overflow issue in the use of FDSET in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that...

Mandriva Linux Security Advisory : nss-pam-ldapd (MDVSA-2013:106)

Updated nss-pam-ldapd packages fixes the following security vulnerability : Garth Mollett discovered that a file descriptor overflow issue in the use of FDSET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process...

CVE-2002-1500

Buffer overflow in 1 mrinfo, 2 mtrace, and 3 pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FDSETSIZE, which are not checked by FDSET...