CVE-2026-41502 BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

PT-2022-7111 · Yajl-Ruby +10 · Yajl-Ruby +10

Name of the Vulnerable Software and Affected Versions: yajl-ruby versions 1.x through 2.x Description: The issue is related to an integer overflow in the yajl-ruby library, which leads to heap memory corruption when dealing with large inputs 2GB. The reallocation logic at yajl buf.cL64 may result...