33349 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in apache2

Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...

CVSS 5.3 | AI score 6.7 | EPSS 0.00539
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Rejected malicious packets in ipv6_gso_segment. syzbot was able to create a packet with very long IPv6 extension headers, leading to an overflow of the skb->transport_header field. This 16-bit field has a limited range. Add...

CVSS 7.8 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: nsh: The skb->{protocol,data,mac_header} fields for the outer header in nsh_gso_segment were restored. syzbot triggered various errors by sending a crafted GSO packet using the protocol VIRTIO_NET_HDR_GSO_UDP, which includes the following...

CVSS 5.5 | AI score 6.6 | EPSS 0.0001
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nf_reject_ipv6: fixed a potential crash in nf_send_reset6. I received a report from syzbot regarding a crash in nf_send_reset6 without any detailed reproduction steps. I believe the issue lies in dev->hard_header_len being se...

CVSS 5.5 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in pypy

An issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in rabbitmq-server

Pivotal RabbitMQ versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, as well as RabbitMQ for Pivotal Platform versions 1.16.x prior to 1.16.7 and 1.17.x prior to 1.17.4, contain a web management plugin that is vulnerable to a denial-of-service attack. The “X-Reason” HTTP header can be...

CVSS 7.5 | AI score 5.8 | EPSS 0.04604
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and earlier use an inefficient algorithm when parsing parameters for HTTP header values, which may lead to Denial-of-Service attacks. The _parseparam function in httputil.py is used to parse specific HTTP header...

CVSS 7.5 | AI score 7.1 | EPSS 0.00036
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in golang-1.15

In Go before 1.15.13 and 1.16.x before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...

CVSS 5.3 | AI score 6.6 | EPSS 0.00039
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using eth_hdr, without verifying that the skb contains an Ethernet header. The Syzbot exploit was able to execute the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00009
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in zlib, libz-mingw-w64

Zlib versions up to 1.2.12 have a heap-based buffer over-read or buffer overflow issue in the inflate function within inflate.c, due to a large gzip header extra field. NOTE: Only applications that call inflateGetHeader are affected. Some common applications bundle the affected Zlib source code,...

CVSS 9.8 | AI score 6.9 | EPSS 0.92544
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header. Ensure that there is sufficient space to access the protocol field of the PPPoE header. Validate this once before the flowtable lookup, and then use a helper function to access the...

CVSS 5.5 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tunnels: Do not assume that the mac header is set in skb_tunnel_check_pmtu. The recently added debug in commit f9aefd6b2aa3 “net: warn if mac header was not set” identified a bug in skb_tunnel_check_pmtu, as shown in this syzbot report...

CVSS 5.5 | AI score 6 | EPSS 0.00071
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use the correct mac_offset to unwind gso skb in nsh_gso_segment. As shown in the call trace, the skb_panic error occurred due to an incorrect skb->mac_header value in nsh_gso_segment. Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI...

AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in tomcat9

Improper input validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, and from 9.0.0-M1 through 9.0.112. The following versions were at the end of their support lifecycles at the time the CVE was created, but are still affected:...

CVSS 9.1 | AI score 6.7 | EPSS 0.00051
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in haproxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

CVSS 9.1 | AI score 7.1 | EPSS 0.17535
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 1 view

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mctp i2c: handling of NULL header addresses. The daddr field can be NULL if there is no neighbour table entry present. In that case, the TX packet should be discarded. The saddr field is usually set by the MCTP core, but a NULL...

CVSS 5.5 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in squid

An issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...

CVSS 6.5 | AI score 7 | EPSS 0.1363
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in golang-golang-x-net

In Go before 1.16.12 and 1.17.x before 1.17.5, net/http allowed uncontrolled memory consumption in the header canonicalization cache through HTTP/2 requests...

CVSS 7.5 | AI score 6.8 | EPSS 0.00088
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in apache2

The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large inputs using ap_rwrite or ap_rputs. This issue can occur, for example, when using mod_lua's r:puts function. Modules that are compiled and distribute...

CVSS 5.3 | AI score 6.8 | EPSS 0.00576
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in ceph

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the x-amz-copy-source argument to copy an object and specifying an empty string as its content resulted in the RGW daemon crashing, leading to a DoS attack. As of the time of publication,...

CVSS 7.5 | AI score 5.7 | EPSS 0.00128
Exploits: 1 | References: 2