CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in length calculation within the extractkvectosg function, potentially leading to a buff...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation The outer nesting of ETHTOOLASTRSETSTRINGSETS is not taken into account. This may result in ETHTOOLMSGSTRSETGET generating a warning like this: “Calculated message payload length 68...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with an unvalidated length at nfsreadlinkreply in the “else” block, after calculating the new path length...

CVE-2026-3549 ECH parsing heap buffer overflow

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVE-2026-1761

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVE-2026-1761

CVE-2026-1761 is a libsoup stack-based buffer overflow vulnerability triggered by parsing multipart HTTP responses due to an incorrect length calculation. A remote attacker can send a crafted multipart response to cause memory corruption, potentially crashing the application or enabling arbitrary...

GNOME localsearch 安全漏洞

GNOME localsearch is a file search engine developed under the GNU General Public License. GNOME localsearch has a security vulnerability, which stems from an error in length calculation during the MP3 Extractor tracker-extract-mp3 process. This error may lead to heap buffer overflows,...

CVE-2026-1484

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

CVE-2026-1484

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing

A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...

PT-2026-4915

Name of the Vulnerable Software and Affected Versions GLib affected versions not specified Description A flaw exists in the GLib Base64 encoding routine when handling very large input data. The issue stems from the incorrect use of integer types during length calculation, potentially leading to...

EUVD-2023-60520

In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tsplay. It is a value in the u8 range. The final length we pass to av7110ipackinstantrepack is "len - buf4 + 1 - 4" so add a check to...

CVE-2025-12758

CVE-2025-12758—Validator.js isLength() Unicode variation selector bypass . Multiple IBM advisories reference affected product lines (e.g., IBM App Connect Enterprise, QRadar) where validator versions earlier than 13.15.22 are vulnerable due to incomplete filtering of Unicode variation selectors i...

CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

CVE-2025-13601

CVE-2025-13601 affects GLib’s g_escape_uri_string() where an integer overflow in buffer size calculation can cause a heap-based overflow when escaping strings with many invalid characters. Consequences are described as potential write past the end of the allocated buffer, leading to memory corrup...

CVE-2025-13601 Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...