CVE-2026-45870

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which calls kmemdup. When a subsequent decode operation fails, these...

CVE-2025-68382

Out-of-bounds read CWE-125 allows an unauthenticated remote attacker to perform a buffer overflow CAPEC-100 via the NFS protocol dissector, leading to a denial-of-service DoS through a reliable process crash when handling truncated XDR-encoded RPC messages...

Security update for firebird

This update for firebird fixes the following issues: CVE-2025-54989: Fixed NULL pointer dereference in XDR message parsing leading to denial-of-service ZDI-CAN-26486, bsc1248143 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

DEBIAN-CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

CVE-2025-54989

Firebird before versions 3.0.13, 4.0.6, and 5.0.3 is vulnerable to a denial-of-service caused by a NULL pointer dereference during XDR message parsing from the client. The issue is specifically in the XDR message parsing path and leads to a crash/DoS. Remediation is to upgrade to the patched vers...

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

CVE-2025-54989 Firebird XDR Message Parsing NULL Pointer Dereference Denial-of-Service Vulnerability

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and Do...

SUSE CVE-2021-47107

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small say, zero, then the buffer size calculation in the new initdirlist helper functions results in an underflow, allowing the XDR stream...

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

Vulnerability of services for the NFS ONCRPC XDR driver on Microsoft Windows operating systems, allowing a hacker to execute arbitrary code.

The vulnerability of services for the NFS ONCRPC XDR driver on Microsoft Windows is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...

CVE-2021-26433

Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability...

libntirpc: Memory leak when failing to parse XDR strings or bytearrays

It was found that due to the way rpcbind uses libtirpc libntirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer...

The vulnerability of the xdr_bytes and xdr_string functions in the library that handles system calls and core glibc functions allows a attacker to cause a service failure.

The vulnerabilities of the xdrbytes and xdrstring functions in the library that handles system calls and core glibc functions are related to the reclamation of unreliable data stored in memory after deserialization of buffers. Exploiting these vulnerabilities allows a remote attacker to cause a...

libntirpc: Memory leak when failing to parse XDR strings or bytearrays

It was found that due to the way rpcbind uses libtirpc libntirpc, a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer...

krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation XDR data. An authenticated user could use this flaw to crash the MIT Kerberos administration server kadmind, or other applications using Kerberos libraries, using specially crafted XDR packets...

krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation XDR data. An authenticated user could use this flaw to crash the MIT Kerberos administration server kadmind, or other applications using Kerberos libraries, using specially crafted XDR packets...