Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...

Astra Linux - уязвимость в wireshark

In Wireshark versions 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This issue was addressed in the plugin plugins/epan/wimax/msgdlmap.c by validating the length field...

CVE-2025-63547

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field...

Open-Vehicle-Monitoring-System-3 安全漏洞

Open-Vehicle-Monitoring-System-3 is an open source vehicle remote monitoring and diagnostic control system from Open Vehicles. A security vulnerability exists in Open-Vehicle-Monitoring-System-3 version 3.3.005, which stems from the length field of the GVRET binary data in canformatgvret.cpp not...

PT-2026-36524

Name of the Vulnerable Software and Affected Versions Eprosima Micro-XREC-DDS Agent version 3.0.1 Description A remote attacker can cause a denial of service by sending a crafted packet to the MTU length field. Recommendations At the moment, there is no information about a newer version that...

Micro XRCE-DDS Agent 安全漏洞

Micro XRCE-DDS Agent is an eProsima open source proxy bridging tool for resource constrained devices to communicate with the DDS world. A security vulnerability exists in Micro XRCE-DDS Agent version 3.0.1, which stems from the MTU length field in specially crafted packets and could lead to a...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

Linux Distros Unpatched Vulnerability : CVE-2026-31659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporarie...

CVE-2026-41429

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

CVE-2026-41429

CVE-2026-41429 affects the arduino-esp32 core (ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C6/ESP32-H2). The issue is a memory corruption in NBNS packet handling when NetBIOS is enabled via NBNS.begin(...); the code path listens on UDP port 137 and processes untrusted NBNS requests. The request parser...

EUVD-2026-25552

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadvttpreparetvlvglobaldata builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the ...

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

CVE-2026-5265

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

Red Hat Enterprise Linux 10 安全漏洞

Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. There is a security vulnerability in Red Hat Enterprise Linux 10. This vulnerability stems from the fact that the device path node resolver does not verify that the Length field ...

CVE-2026-40253

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

CVE-2020-37216

Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SM2 decryption process due to improper validation of the encoded C3 hash field length prior to comparison. An attacker can cause a heap buffer over-read, potentially leading to a crash or other undefined...

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.2 contained a security vulnerability. This vulnerability stemmed from the unvalidated network read of the authlength field, which could trigger assertion failures. This could cau...

CVE-2026-23298

A flaw was found in the Linux kernel's CAN Controller Area Network ucan driver. This vulnerability allows a connected ucan device to send a message with a zero-length field. Such a message can trigger an infinite loop within the driver, causing the system to hang. This ultimately leads to a denia...