466 matches found
CVE-2026-46727
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...
EUVD-2026-31477
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...
Ruby 竞争条件问题漏洞
Ruby is a cross-platform, object-oriented dynamic type programming language developed by Yukihiro Matsumoto. Prior to Ruby 4.0.5, there was a race condition vulnerability. This vulnerability stemmed from a race condition in the getaddrinfo handling process based on pthread, where reusing resource...
CVE-2026-46727
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...
CVE-2026-46727
Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...
CVE-2026-46727
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...
Astra Linux – Vulnerability in Firefox and Thunderbird
A suspected race condition during the call of getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13,...
Astra Linux – Vulnerability in libuv1
Node.js versions prior to 16.4.1, 14.17.2, and 12.22.2 are vulnerable to an out-of-bounds read when the uvidnatoascii function is used to convert strings to ASCII. The pointer p is read and incremented without checking whether it lies beyond pe, where pe holds a pointer to the end of the buffer...
Astra Linux – Vulnerability in glibc
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...
Astra Linux – Vulnerability in libuv1
libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...
Astra Linux – Vulnerability in glibc
A flaw has been identified in glibc. In a rare situation, the gaihinet function may use memory that has already been freed, leading to an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...
CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler
SUMMARY A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo..., timeout: o...
Unity Linux 20.1060e / 20.1070e Security Update: nodejs (UTSA-2026-017558)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017558 advisory. Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and...
Astra Linux – Vulnerability in glibc
A vulnerable environment variable in the Untrusted LDLIBRARYPATH in the GNU C Library, versions 2.27 to 2.38, allows for the controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS...
Azure Linux 3.0 Security Update: glibc (CVE-2023-4527)
The version of glibc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4527 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the...
MiracleLinux 8 : glibc-2.28-225.el8.6 (AXSA:2023-6476:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6476:04 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...
MiracleLinux 9 : glibc-2.34-60.el9.7 (AXSA:2023-6486:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6486:05 advisory. glibc: buffer overflow in ld.so leading to privilege escalation CVE-2023-4911 glibc: Stack read overflow in getaddrinfo in no-aaaa mode CVE-2023-452...
MiracleLinux 4 : glibc-2.12-1.132.AXS4 (AXSA:2014-073:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-073:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as t...
MiracleLinux 7 : glibc-2.17-292.el7 (AXSA:2019-4313:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4313:05 advisory. glibc: getaddrinfo should reject IP addresses with trailing characters CVE-2016-10739 Tenable has extracted the preceding description block directly from the...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2016-10739)
In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...