Lucene search
K

461 matches found

RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-33630

A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...

7.5CVSS6AI score
Exploits0References5
NVD
NVD
added 2026/07/03 8:16 p.m.8 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS0.00119EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:45 p.m.6 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 7:45 p.m.17 views

CVE-2026-14607

CVE-2026-14607 affects RT-Thread up to 5.0.2, specifically the sys_getaddrinfo implementation in components/lwp/lwp_syscall.c. Manipulating the ai_addr argument can cause memory corruption; exploit public and local access required. A fix is being prepared in a pull request (RT-Thread/rt-thread#11...

6.8CVSS5.6AI score0.00119EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55581

Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.0.3 Description A memory corruption issue exists in the sys getaddrinfo function within the components/lwp/lwp syscall.c file. A local attacker can trigger this by manipulating the ai addr argument. Recommendation...

6.8CVSS6.2AI score0.00119EPSS
Exploits0References11
NVD
NVD
added 2026/06/28 5:16 a.m.13 views

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS0.00269EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 4:4 a.m.11 views

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo implementation subsys/net/lib/sockets/getaddrinfo.c passes a pointer to a stack-allocated state object struct getaddrinfostate aistate as the userdata of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberately set...

7.4CVSS5.8AI score0.00269EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/28 4:4 a.m.22 views

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo() (subsys/net/lib/sockets/getaddrinfo.c) has a use-after-return risk from a stack-allocated ai_state being kept as user_data during a DNS resolver retry. If a semaphore wait times out and the code retries without cancelling the previous query or resetting the sema...

7.4CVSS5.8AI score0.00269EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.5AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 8:57 a.m.11 views

BIT-RUBY-MIN-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 8:57 a.m.10 views

BIT-RUBY-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in...

8.1CVSS5.5AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 6:16 p.m.9 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS0.00478EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/22 6:16 p.m.15 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 6:16 p.m.9 views

UBUNTU-CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 12:0 a.m.20 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.14 views

Ruby 竞争条件问题漏洞

Ruby is a cross-platform, object-oriented dynamic type programming language developed by Yukihiro Matsumoto. Prior to Ruby 4.0.5, there was a race condition vulnerability. This vulnerability stemmed from a race condition in the getaddrinfo handling process based on pthread, where reusing resource...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 12:0 a.m.8 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:0 a.m.12 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/22 12:0 a.m.34 views

CVE-2026-46727

Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder