Astra Linux - уязвимость в unbound

Unbound before version 1.9.5 allows for an integer overflow in the regional allocator through regionalalloc. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в firefox, thunderbird, expat, libxmltok

The addBinding method in xmlparse.c within Expat also known as libexpat has an integer overflow issue before version 2.4.3...

Astra Linux - уязвимость в raptor2

In the Raptor RDF Syntax Library version 2.0.16, there is an integer underflow issue when normalizing a URI using the turtle parser in the raptorurinormalizepath function...

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

Astra Linux - уязвимость в openexr

A flaw was discovered in the function dataWindowForTile of the IlmImf/ImfTiledMisc.cpp file. An attacker who can submit a crafted file for processing with OpenEXR could trigger an integer overflow, resulting in an out-of-bounds write operation on the heap. The most significant impact of this flaw...

Astra Linux - уязвимость в squid

A issue was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. An integer overflow problem allows a remote server to cause a Denial of Service when delivering responses to HTTP Range requests. The issue is triggered by a header that is expected to exist in HTTP traffic, withou...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receiveaddrecipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk.Authenticated users who issue specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, leading to a runtime assertion and termination of the Redis server process. This issue affects all Redis...

Astra Linux - уязвимость в ffmpeg

An integer overflow vulnerability exists in the function filtersobel in libavfilter/vfconvolution.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...

Astra Linux - уязвимость в libsndfile

Multiple signed integer overflows occur in the aureadheader function in src/au.c, as well as in the mat4open and mat4readheader functions in src/mat4.c within Libsndfile. This vulnerability allows an attacker to cause a Denial of Service or other unspecified impacts...

Astra Linux - уязвимость в xrdp

XRDPT is an open-source remote desktop protocol RDP server. In affected versions, an integer underflow leading to a heap overflow in the SESMAN server allows any unauthenticated attacker who can access the SESMAN server locally to execute code as root. This vulnerability has been patched in versi...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer value during the ncinputpacket call...

Astra Linux - уязвимость в xrdp

xrdp is an open-source project that provides a graphical login interface to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains an integer overflow in the xrdpmmprocessrailupdatewindowtext function. There are no known solutions to this issu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: A integer overflow has been fixed in rxgkverifyresponse. In rxgkverifyresponse, there is a potential integer overflow due to rounding the tokenlen value before checking it. This allows the length check to be bypassed. This...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: pcie: Fixed integer overflow in iwlwritetouserbuf An integer overflow occurs in the iwlwritetouserbuf function, which is called by the iwldbgfsmonitordataread function. The function is as follows: c static bool...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: This issue prevents vlag from going out of bounds in reweighteevdf. It was possible for pickeevdf to return NULL, which would lead to a NULL-deref. This issue arose because entityeligible returned a falsely negative...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: printk: Fixed signed integer overflow when defining LOGBUFLENMAX. Shifting 1 31 on a 32-bit integer causes signed integer overflow, leading to undefined behavior. To prevent this, 1 was cast to u32 before the shift operation is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: - Block: Fixed integer overflow in BLKSECDISCARD. - I independently rediscovered this issue by making the commit: 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155. - Block: Fixed overflow in blkioctldiscard. However, there’s still a...

Astra Linux - уязвимость в p7zip

Ppmd7.c in 7-ZIP before 23.00 allows for integer underflow and invalid read operations due to a crafted 7Z archive...

Astra Linux - уязвимость в python-cryptography

In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...