CVE-2025-37956

CVE-2025-37956 : In the Linux kernel, the ksmbd component is vulnerable to a race/validation issue where a client can send an empty newname string to the ksmbd server, potentially causing a kernel oops in d_alloc. The patch resolves this by returning an error when attempting to rename a file or d...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling empty string rename requests, which could cause the kernel to crash...

CVE-2022-49264

CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...

CVE-2022-49264 exec: Force single empty string when argv is empty

In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not forcing a single empty string when argv is null in execve...

GHSA-JQCP-XC3V-F446 fast-float2 has a segmentation fault due to lack of bound check

In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

PT-2025-5673 · Crates.Io · Fast-Float2

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be determined. Description: The issue arises from the fast float2::common::AsciiStr::first method within the AsciiStr struct, which uses the unsafe keyword to read from...

PT-2024-40433 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue occurs when the parser fails to handle the conversion of an empty string to a SurrealDB value, such as when casting to a record, duration, or datetime, or when parsing an empty string t...

CVE-2024-6443

In utf8trunc in zephyr/lib/utils/utf8.c, lastbytep can point to one byte before the string pointer if the string is empty...

CVE-2024-6443

In utf8trunc in zephyr/lib/utils/utf8.c, lastbytep can point to one byte before the string pointer if the string is empty...

PT-2024-37630 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue occurs in the utf8 trunc function found in zephyr/lib/utils/utf8.c, where last byte p might point to the byte just before the string pointer if the string is empty. This is a buffe...

kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

AZL-47931 CVE-2024-39487 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

DEBIAN-CVE-2024-39487

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

zstd: mysql: buffer overrun in util.c

A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun...

Advisory ROSA-SA-2024-2321

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

GHSA-5MMW-P5QV-W3X5 Always incorrect control flow in github.com/mojocn/base64Captcha

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct...