119 matches found
CVE-2026-44893
Netty CVE-2026-44893 affects netty-codec-haproxy prior to 4.1.135.Final and 4.2.15.Final. During PP2_TYPE_SSL TLV decoding, HAProxyMessage.readNextTLV() retains a slice before reading the client (1 byte) and verify (4 bytes). If TLV length
CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then...
Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException...
CVE-2026-48132 VPN service may restart unexpectedly when processing IKE traffic over NAT-T (4500/UDP)
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption of VPN...
CVE-2026-31697
A flaw was found in the Linux kernel's crypto: ccp driver. A local user could exploit this vulnerability by attempting to retrieve the CPU ID when a firmware command fails due to an invalid length. This can cause an overflow of a kernel-allocated buffer, leading to the disclosure of sensitive...
PT-2026-36382
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A buffer overrun can occur in the me4000_xilinx_download function when loading firmware requested by request_firmware. The function reads a data stream length from the first 4 bytes into...
CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing
A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI (Extensible Firmware Interface) device path node header. A local user could exploit this...
JLSEC-2026-94
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CVE-2025-47373
Memory Corruption when accessing buffers with invalid length during TA invocation...
EUVD-2025-208183
Memory Corruption when accessing buffers with invalid length during TA invocation...
PT-2026-22639
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A memory corruption issue exists when accessing buffers with an invalid length during a Trusted Application (TA) invocation. This can lead to unpredictable behavior or potential compromise of the syste...
Qualcomm Chipsets buffer error vulnerability
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. Qualcomm Chipsets have a buffer error vulnerability, which stems from using an invalid length to access the buffer during TA calls, potentially leading to memory corruption...
zlib crc32_combine_gen64 Denial of Service
zlib versions prior to 1.3.2 have an infinite loop vulnerability in the crc32_combine_gen64 function that can result in a denial of service condition...
Crypt::URandom security vulnerability
Crypt::URandom is an encrypted Perl library developed by DDICK’s individual developers. Versions of Crypt::URandom prior to 0.55 contained security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the XS function crypt_urandom_getrandom. This function did not validate t...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002964)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002964 advisory. The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging...
EUVD-2020-30820
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port 47808/udp. A remote unauthenticated...
CVE-2020-36872
CVE-2020-36872 affects BACnet Test Server versions up to and including 1.01. It has a remote denial-of-service vulnerability in BACnet/IP BVLC UDP handling caused by improper validation of the BVLC Length field on port 47808. An unauthenticated attacker can send a malformed BVLC Length value to t...
PT-2025-48193
Name of the Vulnerable Software and Affected Versions: BACnet Test Server versions up to and including 1.01. Description: BACnet Test Server is susceptible to a remote denial of service. The server does not correctly validate the BVLC Length field within incoming UDP BVLC frames on the default BACne...