
4766 matches found

Vulnrichment
added 2025/11/21 10:57 p.m., 2 views

CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt which is not used with TLS connections, only from direct calls from an application...

CVSS 2.1, AI score 6.4, EPSS 0.00297
Exploits 0, References 1
EUVD
added 2025/11/21 10:57 p.m., 6 views

EUVD-2025-198522

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt which is not used with TLS connections, only from direct calls from an application...

CVSS 2.1, AI score 6.3, EPSS 0.00297
Exploits 0, References 2
Debian CVE
added 2025/11/21 10:57 p.m., 7 views

CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt which is not used with TLS connections, only from direct calls from an application...

CVSS 8.2, AI score 5.2, EPSS 0.00297
Exploits 0
AlpineLinux
added 2025/11/21 10:57 p.m., 3 views

CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt which is not used with TLS connections, only from direct calls from an application...

CVSS 8.2, AI score 6.9, EPSS 0.00297
Exploits 0
Positive Technologies
added 2025/11/21 12:0 a.m., 4 views

PT-2025-47819

Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-11931. Description: An integer underflow can lead to out-of-bounds access during decryption using XChaCha20-Poly1305. This occurs specifically when calling the wc_XChaCha20Poly1305_Decrypt function, which is utilized by...

CVSS 8.2, AI score 6.3, EPSS 0.00297
Exploits 0, References 9
CNNVD
added 2025/11/21 12:0 a.m., 4 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from an integer underflow during the XChaCha20-Poly1305 decryption process, which could lead t...

CVSS 8.2, AI score 6.4, EPSS 0.00297
Exploits 0, References 3
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: libsoup3 (TSSA-2025:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.3, EPSS 0.00625
Exploits 0, References 2
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 3: libsoup (TSSA-2025:0459)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0459 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5, AI score 7.4, EPSS 0.00728
Exploits 1, References 5
Positive Technologies
added 2025/11/19 12:0 a.m., 2 views

PT-2025-48026

Name of the Vulnerable Software and Affected Versions WebKitGTK and WPE WebKit affected versions not specified Description A security issue exists in WebKitGTK and WPE WebKit that allows for an out-of-bounds read and integer underflow. Successful exploitation of this issue can lead to a...

CVSS 9.8, AI score 6.2, EPSS 0.32
Exploits 15, References 186
OSV
added 2025/11/18 6:16 p.m., 3 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5, AI score 6.9
Exploits 0, References 3
OSV
added 2025/11/18 6:16 p.m., 3 views

UBUNTU-CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5, AI score 5.8, EPSS 0.00413
Exploits 1, References 5
RedHat Linux
added 2025/11/18 6:4 a.m., 4 views

libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup

A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...

CVSS 7.5, AI score 5.7, EPSS 0.00625
Exploits 0, References 5
RedHat Linux
added 2025/11/18 6:4 a.m., 3 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

CVSS 9, AI score 6.8, EPSS 0.00798
Exploits 1, References 10
Vulnrichment
added 2025/11/18 12:0 a.m., 0 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5, AI score 6.6, EPSS 0.00413
Exploits 1, References 3
AlpineLinux
added 2025/11/18 12:0 a.m., 3 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

CVSS 7.5, AI score 7.1, EPSS 0.00413
Exploits 1, References 3
Tenable Nessus
added 2025/11/18 12:0 a.m., 2 views

RHEL 7 : libsoup (RHSA-2025:21657)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21657 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Heap buffer over-read in...

CVSS 9, AI score 6.7, EPSS 0.00798
Exploits 1, References 20
Positive Technologies
added 2025/11/18 12:0 a.m., 3 views

PT-2025-47374

Name of the Vulnerable Software and Affected Versions cbor2 versions through 5.7.0 Description The cbor2 software contains issues in the decode definite long string function within the C extension decoder source/decoder.c. An integer underflow can lead to an out-of-bounds read, and a memory leak...

CVSS 7.5, AI score 6.7, EPSS 0.00413
Exploits 1, References 5
Tenable Nessus
added 2025/11/18 12:0 a.m., 3 views

Siemens SCALANCE and RUGGEDCOM Devices Integer Underflow (Wrap or Wraparound) (CVE-2024-53061)

media: s5p-jpeg: vulnerability due to the possibility of buffer overflows when the variable word is less than 2, which is prevented by adding extra checks. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

CVSS 7.8, AI score 6.7, EPSS 0.00305
Exploits 0, References 4
CNVD
added 2025/11/14 12:0 a.m., 2 views

Adobe Substance3D Stager Integer Underflow Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

CVSS 7.8, AI score 7.3, EPSS 0.00189
Exploits 0, References 1
Tenable Nessus
added 2025/11/14 12:0 a.m., 1 view

Adobe Substance 3D Stager < 3.1.6 Multiple Vulnerabilities (APSB25-113)

The version of Adobe Substance 3D Stager installed on the remote host is prior to 3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB25-113 advisory. - Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when...

CVSS 7.8, AI score 6.8, EPSS 0.00197
Exploits 0, References 5