Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

CVE-2026-31635...

SUSE-SU-2026:1954-1 Security update for perl-Crypt-URandom

This update for perl-Crypt-URandom fixes the following issue: - CVE-2026-2474: negative length parameter in the XS function can lead to a heap-based buffer overflow bsc1258266. Changes for perl-Crypt-URandom: - updated to 0.550.0 0.55 - Fix for sysread/read failures. Thanks to Miha Purg for GH20 ...

CVE-2026-3298

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

EUVD-2026-24527

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

DEBIAN-CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

CVE-2026-40333 libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() due to missing length parameter in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

CVE-2026-40333 libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() due to missing length parameter in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

CVE-2026-40333

Libgphoto2 (up to v2.5.33) suffers an out‑of‑bounds read in camlibs/ptp2/ptp-pack.c: ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() read data without a length check due to a missing parameter, with callers in ptp_unpack_EOS_events() not passing xsize. This unbounded read can lead ...

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency in the receivexattr function when it relies on an untrusted length value during a qsort call. An attacker can achieve unauthorized access to sensitive information, modify data, or caus...

CVE-2026-6069 CVE-2026-6069

NASM’s disasm function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when slen exceeds the buffer capacity...

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Handling of Length Parameter Inconsistency (CVE-2025-14847)

Summary There is a vulnerability in MongoDB Server used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14847. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of...

Linux Distros Unpatched Vulnerability : CVE-2026-2474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not...

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter pf0.content.length in the SM...

ROS-20260209-73-0023

A vulnerability in the Zlib protocol implementation of the MongoDB database management system is related to improper handling of a length parameter mismatch. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

MongoBleed CVE-2025-14847 Scanner and Exploitation Toolkit...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the OGSKEYLEN parameter in the function...

kernel: i40e: add validation for ring_len param

A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...