CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

PT-2026-6314

Name of the Vulnerable Software and Affected Versions Espressif Internet of Things IOT Development Framework versions 5.1.6 through 5.5.2 Description The Espressif Internet of Things IOT Development Framework contains a flaw in the WPS Wi-Fi Protected Setup Enrollee implementation. Malformed...

Espressif ESP-IDF 数字错误漏洞

Espressif ESP-IDF is an IoT development framework developed by Espressif, a Chinese company. Versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6 of Espressif ESP-IDF contain numerical error vulnerabilities. These vulnerabilities stem from integer underflow during the processing ofEAP-WSC packets in th...

Updated gpsd packages fix security vulnerabilities

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

CVE-2026-23567

CVE-2026-23567 affects the TeamViewer DEX Client (Content Distribution Service, NomadBranch.exe) on Windows, prior to version 26.1. The issue is an integer underflow in the UDP command handler that can trigger a heap-based buffer overflow, leading to a denial-of-service (service crash) when proce...

curl: Integer Underflow in src/var.c

Summary: A potential Integer Underflow vulnerability was identified in the setvariable function within src/var.c. the flaw occurs during the calculation of the variable content length clen when a byte range is specified. specifically, the code fails to validate if startoffset is greater than...

CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

CVE-2026-23951

SumatraPDF is affected by an off-by-one error in PalmDbReader::GetRecord when opening crafted Mobi files, triggering only with exactly 2 records and causing an integer underflow in the size calculation. This leads to an out-of-bounds heap read that crashes the application. The CVE notes indicate ...

CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash

SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38200)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38200 advisory. - In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invali...

sumatrapdf numerical error vulnerability

Sumatrapdf is an open-source PDF reader developed by SumatraPDF Reader. SumatraPDF has a digital error vulnerability; this vulnerability stems from handling specially crafted Mobi files, where a single mistake or integer underflow can lead to out-of-bounds heap access and application crashes...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

CVE-2024-38063 — Windows IPv6 Stack Vulnerability Analysis &...

MiracleLinux 9 : edk2-20231122-6.el9 (AXSA:2024-8102:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8102:05 advisory. edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer overflow in...

MiracleLinux 7 : kernel-3.10.0-1160.108.1.el7 (AXSA:2024-7470:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7470:05 advisory. kernel: netfilter: potential slab-out-of-bound access due to integer underflow CVE-2023-42753 Tenable has extracted the preceding description block directly...

MiracleLinux 7 : xorg-x11-server-1.20.4-16.el7 (AXSA:2021-1756:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1756:02 advisory. xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation CVE-2021-3472 Tenable has extracted the preceding description block...

Debian dla-4441 : gpsd - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory. [email protected] Subject: SECURITY DLA 4441-1 gpsd security update - ------------------------------------------------------------------------- Debia...

gpsd security update

1:3.26.1-1.0.1.el101.1 - Replace upstream reference Orabug: 37033219 1:3.26.1-1.el101.1 - fix buffer overflow in NMEA2000 driver CVE-2025-67268 - fix integer underflow in handling of Navcom packets CVE-2025-67269...

CVE-2025-62291

A flaw was found in the strongSwan eap-mschapv2 plugin client-side. A remote attacker, specifically a malicious Extensible Authentication Protocol - Microsoft Challenge-Handshake Authentication Protocol version 2 EAP-MSCHAPv2 server, could exploit this by sending a specially crafted message betwe...

AZL-74660 CVE-2025-62291 affecting package strongswan for versions less than 5.9.14-8

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...