126 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-38497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions...
SUSE CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
DEBIAN-CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
CVE-2025-38497
CVE-2025-38497 (Linux kernel) affects usb gadget configfs: writing an empty string to the qw_sign or landingPage sysfs attributes can dereference page[l-1] before length validation, causing an OOB read. The fix adds an early length check in os_desc_qw_sign_store() and webusb_landingPage_store() t...
CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
CVE-2025-38497 usb: gadget: configfs: Fix OOB read on empty string write
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an out-of-bounds read on an empty string write...
ksmbd: prevent rename with empty string
...
jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...
jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...
jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...
jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)
A flaw was found in jq, a command line JSON processor. A specially crafted input can cause a heap-based buffer over-read when formatting an empty string because it was not properly null-terminated, causing a crash and resulting in a denial of service...
CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
DEBIAN-CVE-2025-38077
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
CVE-2025-38077 platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index...
CVE-2025-38077
CVE-2025-38077 affects the Linux kernel, in platform/x86 dell-wmi-sysman. The root cause was a potential buffer overflow when current_password_store() accessed buf[length-1] after an empty string length. A check for empty strings was added. The Azure Linux Nessus advisory confirms the fix and rec...
Multer vulnerable to Denial of Service via unhandled exception
Impact A vulnerability in Multer versions =1.4.4-lts.1, 2.0.1 allows an attacker to trigger a Denial of Service DoS by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0...
CVE-2025-48997 Multer vulnerable to Denial of Service via unhandled exception
Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service DoS by sending an upload file request with an empty string field name. This request causes ...
CVE-2024-6443
In utf8trunc in zephyr/lib/utils/utf8.c, lastbytep can point to one byte before the string pointer if the string is empty...
CVE-2025-37956
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from dalloc. This patch return the error when attempting to rename a file or directory with an empty new na...