25 matches found
CVE-2026-6687
FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...
CVE-2026-6687
FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...
CVE-2026-6687
CVE-2026-6687 affects FatFs R0.16 and earlier. Root cause: f_getlabel() trusts exFAT label length (XDIR_NumLabel) beyond the spec maximums, causing a stack-based buffer overflow (CWE-121). Documented impact per CVSS: high for confidentiality, integrity, and availability. Exploitation status is no...
PT-2026-54929
Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description A stack-based buffer overflow occurs in the f getlabel function. This issue arises because the exFAT label length XDIR NumLabel is trusted without enforcing the maximum limits defined by the...
📄 BuptLab DNS Relay Server 1.0 Denial of Service
A remote denial of service vulnerability exists in BuptLab DNS Relay Server version 1.0 due to improper validation of DNS label length during query parsing. An attacker can send a specially crafted DNS request containing an invalid label length field that exceeds the actual payload size. When the...
gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function
A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the applicatio...
Astra Linux – Vulnerability in gnutls28
A flaw was discovered in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function, which handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes beyond the end of a fixed-size stack buffer. This programming error can cause...
CVE-2025-9820
CVE-2025-9820 affects the GnuTLS library, specifically gnutls_pkcs11_token_init(), where processing an overly long token label can cause a stack-based buffer overflow. Publicly documented impact includes potential crash or local code execution with resulting denial of service or privilege escalat...
FreeBSD : GnuTLS -- Stack write buffer overflow (b6835edf-c6c8-11f0-8471-74563cf9e4e9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b6835edf-c6c8-11f0-8471-74563cf9e4e9 advisory. GnuTLS reports: When a PKCS11 token is initialized with gnutlspkcs11tokeninit function and it is passed...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the gnutlspkcs11tokeninit function. An attacker can cause a crash or potentially execute arbitrary code by supplying a PKCS11 token with a label longer than 32 characters, leading to writing past the end ...
CLSA-2025-1743675732 avahi: Fix of 8 CVEs
CVE-2021-3468: handle termination event on avahi Unix socket to prevent infinite loop - CVE-2023-1981: prevent avahi daemon crash by emitting an error if the requested D-Bus service is not found - CVE-2021-3502: fix avahi-daemon crashing from NULL pointer assertions - CVE-2023-38469: reject...
SUSE-SU-2023:4910-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name bsc1216419. - CVE-2023-38470: Fixed that each label is at least one byte long bsc1215947...
SUSE CVE-2011-3601
Buffer overflow in the processra function in the router advertisement daemon radvd before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative value in a labellen value...
SUSE CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...
DEBIAN-CVE-2022-2929
In ISC DHCP 1.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory...
CVE-2020-25583
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold8 decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...
CVE-2020-25583
In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold8 decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains th...
UBUNTU-CVE-2017-9103
An issue was discovered in adns before 1.5.2. papmailbox822 does not properly check st from adnsfindlabelnext. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling progra...
DEBIAN-CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...
ALPINE-CVE-2016-10195
The nameparse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the labellen variable, which triggers an out-of-bounds stack read...