Astra Linux - уязвимость в libtomcrypt

In LibTomCrypt version 1.18.2, the derdecodeutf8string function located in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service such as out-of-bounds reads and crashes or to read information from other...

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

uutils coreutils has an Improper Check for Unusual or Exceptional Conditions

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

GHSA-7259-CWHX-3XX3 uutils coreutils has an Improper Check for Unusual or Exceptional Conditions

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVE-2026-35366

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVE-2026-35366

The CVE-2026-35366 entry concerns the printenv utility in uutils coreutils. Affected component: printenv reads environment strings and, when variables contain invalid UTF-8 byte sequences, uutils’ implementation silently skips printing them instead of showing the raw bytes. This can allow malicio...

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils. There is a code vulnerability in uutils coreutils, which arises from the inability of printenv to display environment variables that contain invalid UTF-8 byte sequences. This could allow malicious environment...

PT-2026-34502

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

EUVD-2026-22023

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

USN-6958-1 libcroco vulnerabilities

It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2017-7960 It was discovered th...

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

GHSA-V363-RRF2-5FMJ ferris-says has undefined behavior when not using UTF-8

Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

SUSE CVE-2023-26302

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

CVE-2023-26302

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

DEBIAN-CVE-2023-26302

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

PYSEC-2023-23

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

UBUNTU-CVE-2023-26302

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input...

SUSE CVE-2005-2102

The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service application crash via a filename that contains invalid UTF-8 characters...

SUSE CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output...

SUSE CVE-2011-3594

The gmarkupescapetext function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service crash via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, relate...