Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
The issue with integer overflow occurs in storeAtts in the xmlparse.c file, within the Expat library also known as libexpat, before version 2.4.3...
Astra Linux – Vulnerability in sysstat
Before version 12.1.6, sysstat experienced memory corruption due to an integer overflow in the remap_struct function within sa_common.c...
Astra Linux – Vulnerability in curl
An integer overflow vulnerability exists in the tool_operate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receive_add_recipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...
Astra Linux – Vulnerability in Thunderbird
In SkRegion.cpp, there is a potential out-of-bounds write due to an integer overflow. This could lead to a local privilege escalation without the need for additional execution privileges. User interaction is not required for exploitation...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks. Sanity checks were added to verify the v4l2_bt_timings blanking fields in order to avoid integer overflows when the user space passes strange values. However, this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: The integer overflow checks in map_user_pages have been cleaned up. The encode_dma function includes some validations for in_trans->size. However, it would be clearer to move these checks to find_and_map_user_pages. encoded...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed an issue of signed integer overflow in l2tp_ip6_sendmsg. When len = INT_MAX - transhdrlen, the value of ulen = len + transhdrlen will cause an overflow. To address this issue, we can follow the approach used by udpv6 and...
Astra Linux – Vulnerability in ffmpeg
An integer overflow vulnerability exists in the function filter16_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1. This vulnerability allows attackers to cause a Denial of Service or other unspecified impacts...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: amdkfd: Using calloc instead of kzalloc to avoid integer overflow. This approach uses calloc instead of performing the multiplication operation, which might lead to integer overflow...
Astra Linux – Vulnerability in lz4
There is a flaw in lz4. An attacker who submits a crafted file to an application that uses lz4 may be able to trigger an integer overflow, resulting in the call to memmove with a negative size argument. This can lead to an out-of-bounds write and/or a system crash. The most significant impact of...
Astra Linux – Vulnerability in exiv2
In Exiv2 0.26, the Exiv2::PsdImage::readMetadata method in psdimage.cpp of the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow through a specially crafted PSD image file...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10
Integer overflow or wraparound vulnerability in the Linux kernel on Linux, x86, and ARM (md, raid, raid5 modules) allows for forced integer overflow...
Astra Linux – Vulnerability in Linux 5.15, Linux
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response. If “BufOffset” is very large, the operation “BufOffset + 8” may lead to an integer overflow...
Astra Linux – Vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: uaccess: An integer overflow has been fixed in the access_ok function. On three architectures, the end of a user’s access is checked against the address limit, without considering the possibility of an overflow. Passing a negative...
Astra Linux – Vulnerability in Squid
An issue was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. An integer overflow problem allows a remote server to cause a Denial of Service when delivering responses to HTTP Range requests. The issue is triggered by a header that is expected to exist in HTTP traffic, withou...
Astra Linux – Vulnerability in libtommath
An integer overflow vulnerability exists in the mp_grow function within the libtom library, as reported in commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. This vulnerability allows attackers to execute arbitrary code and cause a denial of service (DoS)...
Astra Linux – Vulnerability in protobuf-c, libsignal-protocol-c
Protobuf-c before version 1.4.1 has an unsigned integer overflow in the parse_required_member field...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to cause an integer overflow, potentially leading to remote code execution. This issue exists in all versions of Redis that support...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm: zynqmp_dp: Fixed integer overflow in zynqmp_dp_rate_get. This patch addresses a potential integer overflow in zynqmp_dp_rate_get. The issue arises when the expression drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using...