PT-2023-35390 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.13 Description: The issue is related to a null-deref in the mremap function after a fork operation. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

PT-2023-35604 · Git +1 · Systemd

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value". The crash state includes functions such as rename process, safe fork full, and pars...

K44070243: OpenSSL vulnerability CVE-2019-1549

Security Advisory Description OpenSSL 1.1.1 introduced a rewritten random number generator RNG. This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being...

SUSE CVE-2003-0900

Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers...

SUSE CVE-2007-5794

Race condition in nssldap, when used in applications that are linked against the pthread library and fork after a call to nssldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong...

SUSE CVE-2008-1111

modcgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information...

SUSE CVE-2012-2745

The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service panic via a crafted application that uses the fork system call...

SUSE CVE-2013-3571

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service file descriptor consumption via multiple request that are refused based on the 1 sourceport, 2 lowport, 3 range, or 4...

SUSE CVE-2014-0016

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator PRNG, which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC ECDSA or DSA...

SUSE CVE-2014-2673

The archduptaskstruct function in the Transactional Memory TM implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service Program...

SUSE CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

SUSE CVE-2016-9423

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTML page...

SUSE CVE-2016-9425

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTML page...

SUSE CVE-2016-9422

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feedtabletag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service stack and/or heap buffer overflow and possibly execute arbitrary code via a...

SUSE CVE-2016-9428

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTML page...

SUSE CVE-2016-9426

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service OOM and possibly execute arbitrary code due to bdwgc's bug CVE-2016-9427 via a crafted HTML page...

SUSE CVE-2016-9431

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

SUSE CVE-2016-9432

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service memory corruption, segmentation fault, and crash via a crafted HTML page...

SUSE CVE-2016-9430

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service segmentation fault and crash via a crafted HTML page...

SUSE CVE-2016-9433

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service out-of-bounds array access via a crafted HTML page...