184 matches found
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
EUVD-2026-39266
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...
CVE-2026-52914
A flaw was found in the Linux kernel's batman-adv component. This vulnerability allows a local attacker to cause a denial of service DoS by sending malformed fragment chains. The flaw is due to incorrect accounting of fragment reassembly length, which can be truncated during updates, bypassing...
CVE-2026-52914
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
UBUNTU-CVE-2026-52914
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
CVE-2026-52914 batman-adv: fix fragment reassembly length accounting
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
EUVD-2026-38717
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
CVE-2026-52914
In the Linux kernel, the batman-adv component is affected by CVE-2026-52914. The root cause is an accounting bug where the accumulated fragment length used for validating queued fragment chains can be truncated during updates. This allows malformed fragment chains to bypass validation and drive r...
CVE-2026-52914
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain before reassembly. That accounting currently allows the accumulated...
PT-2026-51707
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the running payload length for queued fragments can be truncated during updates. This allows malformed fragment chains to bypass validation...
Linux Distros Unpatched Vulnerability : CVE-2026-52914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it to validate a fragment chain...
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
Oracle Linux 8 : gnutls (ELSA-2026-20611)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...
CVE-2026-48131 VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service temporary disruption of VPN-related functionality...
CVE-2026-48131
CVE-2026-48131 concerns a VPN service handling of an unexpected IKE fragment value received on UDP/500 during early connection. The connected CVE data from CVELIST explicitly identifies the root cause as a Heap Out-of-Bounds Write via Sequence Number Zero during IKE fragment reassembly. This issu...
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: inet: frags: dropping fraglist and conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. The syzbot reports that this triggers an issue, and I can...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use The functions iplocalout and others can pass skb-sk as a function argument. If the skb is a fragment and reassembly occurs before such a function call returns, the sk must n...