21 matches found
freerdp: FreeRDP heap-buffer-overflow
A heap based buffer overflow flaw has been discovered in FreeRDP. In affected versions RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array...
EUVD-2026-13607
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally bump set-nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...
php: heap-based buffer overflow in array_merge()
A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...
UBUNTU-CVE-2026-22853
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...
CVE-2026-22853 FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...
CVE-2026-22853
Freerdp before 3.20.1 contains a bounds-check vulnerability in RDPEAR's NDR array reader that can write past a heap buffer, causing a heap-buffer-overflow in ndr_read_uint8Array. The issue is fixed in 3.20.1; multiple advisories (SUSE/OpenSUSE, Fedora) indicate updates to 3.20.2 or newer as the r...
Linux Distros Unpatched Vulnerability : CVE-2026-22853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR's NDR array reader does not perform bounds checking on the onwire eleme...
BIT-PHP-MIN-2025-14178 Heap buffer overflow in array_merge()
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...
CVE-2025-68731 accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix an integer overflow in aie2queryctxstatusarray The unpublished smatch static checker reported a warning. drivers/accel/amdxdna/aie2pci.c:904 aie2queryctxstatusarray warn: potential user controlled sizeof overfl...
CVE-2025-68731 accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix an integer overflow in aie2queryctxstatusarray The unpublished smatch static checker reported a warning. drivers/accel/amdxdna/aie2pci.c:904 aie2queryctxstatusarray warn: potential user controlled sizeof overfl...
libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS
A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...
DEBIAN-CVE-2023-34966
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like...
SUSE CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
Design/Logic Flaw
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
UBUNTU-CVE-2014-5266
The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service CPU consumption via a large document, a different vulnerability...