65 matches found
EUVD-2025-210124
Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus ...
FreeBSD : h2o -- heap overrun parsing zero-length SNI (fba766f4-ccda-4e1b-8875-ab857c6a6532)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fba766f4-ccda-4e1b-8875-ab857c6a6532 advisory. h2o project reports: When h2o receives a TLS or QUIC ClientHello containing a zero-length SNI extension...
CVE-2026-48994
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48...
Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1777)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1777 advisory. A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 Tenable h...
Important: gnutls
Issue Overview: A remotely triggerable underflow in the DTLS reassembly code led to a heap overrun. The issue was reported in the issue tracker as 1811 by Joshua Rogers of AISLE Research Team. CVE-2026-33845 Affected Packages: gnutls Issue Correction: Run dnf update gnutls --releasever...
EUVD-2026-33320
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...
h2o -- heap overrun parsing zero-length SNI
h2o project reports: When h2o receives a TLS or QUIC ClientHello containing a zero-length SNI extension, it can overrun the zero-length hostname while copying it. This can trigger a segmentation fault and cause a denial of service...
CVE-2026-45991
In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...
CLSA-2026-1779367740 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...
CLSA-2026-1779203444 gnutls: Fix of CVE-2026-33845
CVE-2026-33845: fix integer underflow and remote heap overrun in DTLS handshake reassembly by tracking startoffset and fraglength instead of an inclusive startoffset, endoffset range...
CLSA-2026-1779126860 nginx: Fix of CVE-2026-42945
CVE-2026-42945: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures...
CLSA-2026-1779126256 Fix CVE(s): CVE-2026-42945
SECURITY UPDATE: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures - debian/patches/CVE-2026-42945.patch: fix heap buffer overrun in ngxhttprewritemodule when rewrite is followed by set/if/rewrite with unnamed PCRE captures -...
CLSA-2026-1778762233 gnutls: Fix of CVE-2026-33845
CVE-2026-33845: fix integer underflow in DTLS handshake reassembly that allowed a remote heap overrun via crafted zero-length fragments...
CLSA-2026-1778238907 gnutls: Fix of CVE-2026-33845
CVE-2026-33845: fix DTLS handshake fragment reassembly integer underflow and heap overrun by tracking fraglength instead of endoffset...
CLSA-2026-1778172299 gnutls: Fix of CVE-2026-33845
CVE-2026-33845: fix DTLS handshake fragment reassembly integer underflow and heap overrun by tracking fraglength instead of endoffset...
CVE-2026-42512
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...
CVE-2026-42512
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to...
FreeBSD : FreeBSD -- Remotely triggerable out-of-bounds heap write in dhclient (58acf4c5-4435-11f1-bb07-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 58acf4c5-4435-11f1-bb07-bc241121aa0a advisory. As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of...
FreeBSD Security Advisory - FreeBSD-SA-26:15.dhclient
FreeBSD Security Advisory - As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun...
FreeBSD-SA-26:15.dhclient
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:15.dhclient Security Advisory The FreeBSD Project Topic: Remotely triggerable out-of-bounds heap write in dhclient Category: core Module: dhclient Announced:...