75 matches found
CVE-2026-9263
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-9263 Out-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packets
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6, and iPadOS 15.6, as well as macOS Monterey 12.5. Visiting a website that contains malicious content may lead to UI spoofing...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved UI handling. This issue is fixed in iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1. Visiting a website that contains malicious content may lead to UI spoofing...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved UI handling. This issue has been fixed in Safari 16, tvOS 16, watchOS 9, and iOS 16. Visiting a website that contains malicious content may lead to UI spoofing...
CVE-2026-44302
Snappier is a high performance C implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1...
CVE-2026-44302
Snappier is a high performance C implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1...
CVE-2026-44302 Snappier: Infinite loop in SnappyStream decompression on malformed framed input
Snappier is a high performance C implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1...
CVE-2026-44302
Snappier is a high performance C implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the SnappyStreamDecompressor class, when decompressing malformed framed-format input. An attacker can cause the application to exhaust system resources by providing malicious stream data as small as 15 bytes PoC using...
GHSA-PGGP-6C3X-2XMX Snappier has an infinite loop during SnappyStream decompression with malformed framed input
Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...
Snappier has an infinite loop during SnappyStream decompression with malformed framed input
Summary Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. Details The hang manifests as a userspace busy loop with SnappyStreamDecompressor.Decompress repeatedly calling Crc32CAlgorithm.Append. The exact...
PT-2026-38299
Name of the Vulnerable Software and Affected Versions Snappier affected versions not specified Description A denial of service issue exists where Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream. This occurs when the...
Apache Thrift: Go TFramedTransport uint32 overflow
...
GHSA-WF45-Q9CH-Q8GH Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
DEBIAN-CVE-2026-41602
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
CVE-2026-41602
CVE-2026-41602: Integer Overflow or Wraparound in Apache Thrift Go TFramedTransport (uint32 overflow) affecting Thrift before 0.23.0. Affected component: Apache Thrift’s Go TFramedTransport implementation. Root cause: uint32 overflow/wraparound in framing transport handling. Impact: potential ove...
Integer Overflow or Wraparound
Overview github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the TFramedTransport function on 32-bit architectures. An attacker...
EUVD-2026-26020
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...