28 matches found
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the SquashFS archive handler due to uninitialized memory in the blockToNode array. An attacker can cause denial of service or potentially disclose heap information by providing a crafted SquashFS image...
CVE-2026-34962
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...
CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...
EUVD-2026-29325
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...
CVE-2026-34962 barebox ext4 Directory Parsing Infinite Loop Denial of Service
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...
CVE-2026-34962 barebox ext4 Directory Parsing Infinite Loop Denial of Service
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...
CVE-2026-34962
CVE-2026-34962 affects barebox prior to 2026.04.0, where a vulnerability in ext4 directory parsing (fs/ext4/ext4_common.c) allows an infinite loop during directory listing or path resolution. The root cause is that ext4fs_iterate_dir() does not validate non-zero directory entry lengths, so a craf...
CVE-2026-34962
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...
Barebox 安全漏洞
Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained security vulnerabilities. These vulnerabilities stemmed from the ext4fsiteratedir function in ext4 directory parsing, which did not verify that the length value of...
CVE-2026-28876
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be able to access sensitive user da...
Intake 代码注入漏洞
Intake is an open-source Python toolkit for data loading and processing. Versions of Intake prior to 2.0.9 had a code injection vulnerability. This vulnerability stemmed from the automatic expansion of shell syntax during directory parsing, which could lead to the execution of host system command...
CVE-2026-20669
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data...
CVE-2024-36474
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-boun...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the zzipparserootdirectory function. An attacker can disrupt service and potentially execute arbitrary code by sending specially crafted inputs. Remediation A fix was pushed into the master branch but not...
CVE-2024-26848
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26848
In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".afsXXXX" files in it from uncompleted silly-rename, these .afsXXXX files are skipped but without advancing the file position in the dircontext. Thi...
CVE-2024-26848
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26848
...
CVE-2024-26848
...
CVE-2024-26848
CVE-2024-26848 affects the Linux kernel AFS file system; advisories (Ubuntu USN-6919-1 and Amazon Linux 2 ALAS2KERNEL-5.10-2024-076) describe an fix for an endless loop in directory parsing. Affected products/versions are kernel builds shipping the AFS code; remediation is to update the kernel to...