633 matches found

OSV
added 2025/02/21 10:15 p.m. · 1 view

PYSEC-2025-30

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...

CVSS 7.5 · AI score 7 · EPSS 0.00324
Exploits 1 · References 2
CNNVD
added 2025/02/21 12:0 a.m. · 2 views

Vyper Security Vulnerability

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper that stems from multiple evaluations of an iterator expression, which could lead to abnormal program behavior...

CVSS 7.5 · AI score 7.3 · EPSS 0.00324
Exploits 1 · References 4
Positive Technologies
added 2025/02/21 12:0 a.m. · 2 views

PT-2025-7630 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.1 Description: The issue concerns the potential for multiple evaluations of a single expression in the iterator target of a for loop, which can lead to unexpected program behavior. Specifically, reads in iterators...

CVSS 7.5 · AI score 6.6 · EPSS 0.00324
Exploits 1 · References 13
Vulnrichment
added 2025/02/14 7:33 p.m. · 10 views

CVE-2025-25288 @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00068
Exploits 0 · References 3
Github Security Blog
added 2025/02/14 5:57 p.m. · 14 views

@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...

CVSS 5.3 · AI score 6.8 · EPSS 0.00068
Exploits 0 · References 6 · Affected Software 1
AstraLinux
added 2025/02/06 4:28 p.m. · 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl This is another instance of incorrect use of list iterator and checking it for NULL. The list iterator value 'map' will always be set and non-NULL by list_for_each_entry, so...

CVSS 5.5 · AI score 6.4 · EPSS 0.00126
Exploits 0 · References 1
Microsoft CVE
added 2025/01/29 8:0 a.m. · 1 view

fsdax: dax_unshare_iter needs to copy entire blocks

...

CVSS 7.1 · AI score 7.7 · EPSS 0.0002
Exploits 0
Microsoft CVE
added 2025/01/29 8:0 a.m. · 1 view

iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP

...

CVSS 7.8 · AI score 7.7 · EPSS 0.00029
Exploits 0
Microsoft CVE
added 2025/01/29 8:0 a.m. · 7 views

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

...

CVSS 7.1 · AI score 6.9 · EPSS 0.00012
Exploits 0
Positive Technologies
added 2025/01/23 12:0 a.m. · 5 views

PT-2025-9980

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An issue in the Linux kernel has been resolved, related to the blkdev_read_iter function. This function has odd checks, such as gating the position and count adjustment based on the resul...

CVSS 5.5 · AI score 7.1 · EPSS 0.00014
Exploits 0
OSV
added 2025/01/19 12:15 p.m. · 1 view

DEBIAN-CVE-2024-57928

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache gets an error from either ->prepare_read or from netfs_prepare_read_iterator, it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuin...

CVSS 7.1 · AI score 5.7 · EPSS 0.00034
Exploits 0 · References 1
Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-36413

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the ath11k module where ath11k_mac_disable_peer_fixed_rate is incorrectly passed as an iterator to ieee80211_iterate_stations_atomic. This functio...

CVSS 5.5 · AI score 6.1 · EPSS 0.00024
Exploits 0
SUSE CVE
added 2024/12/30 3:48 a.m. · 1 view

SUSE CVE-2024-56720

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if len == 0, return early is better 3. pop the entire sk_msg last == msg->sg.size should be supported 4. Fix fo...

CVSS 5.5 · AI score 7.7 · EPSS 0.00008
Exploits 0 · References 13
OSV
added 2024/12/24 12:15 p.m. · 1 view

DEBIAN-CVE-2024-53155

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 ioread+0x8d4/0x20f0 ioread+0x3e/0xf0...

CVSS 7.1 · AI score 5.6 · EPSS 0.00012
Exploits 0 · References 1
OSV
added 2024/12/24 12:15 p.m. · 5 views

AZL-54993 CVE-2024-53155 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 ioread+0x8d4/0x20f0 ioread+0x3e/0xf0...

CVSS 7.1 · AI score 6.3 · EPSS 0.00012
Exploits 0 · References 1
OSV
added 2024/12/24 12:15 p.m. · 2 views

UBUNTU-CVE-2024-53155

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 ioread+0x8d4/0x20f0 ioread+0x3e/0xf0...

CVSS 7.1 · AI score 6.2 · EPSS 0.00012
Exploits 0 · References 54
Microsoft CVE
added 2024/12/21 8:0 a.m. · 5 views

`rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion

...

CVSS 6.5 · AI score 6.7 · EPSS 0.00083
Exploits 0
OSV
added 2024/12/05 7:5 p.m. · 6 views

GHSA-GW5W-5J7F-JMJJ Unsound usages of `std::slice::from_raw_parts`

The library breaks the safety assumptions when using unsafe API std::slice::from_raw_parts. First, when using the API in iterator implementation TempFdArrayIterator.next, generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...

AI score 7.5
Exploits 0 · References 3
OSV
added 2024/12/02 2:15 p.m. · 1 view

DEBIAN-CVE-2024-53109

In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu...

CVSS 5.5 · AI score 5.7 · EPSS 0.00048
Exploits 0 · References 1
OSV
added 2024/12/02 2:15 p.m. · 1 view

UBUNTU-CVE-2024-53109

In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu...

CVSS 5.5 · AI score 6.6 · EPSS 0.00048
Exploits 0 · References 18