Lucene search
K

589 matches found

RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

9.1CVSS5.9AI score0.00547EPSS
Exploits0References4
EUVD
EUVD
added last week9 views

EUVD-2026-38381

MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added last week6 views

EUVD-2026-38386

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week4 views

CVE-2026-53238

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

5.6AI score0.00184EPSS
Exploits0
Debian CVE
Debian CVE
added last week3 views

CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

9.1CVSS5.6AI score0.00547EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.3 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:10 p.m.5 views

CVE-2026-48515

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fixed an issue with OoB access in the IP checksum code for negative lengths. Although the commit c2c24edb1d9c “arm64: csum: Fix pathological zero-length calls” added an early return for zero-length inputs, syzkaller...

5.5AI score0.00188EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in Glib’s content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored as a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access...

2.8CVSS5.9AI score0.00139EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmidi: fix MIDI Streaming descriptor lengths While the MIDI jacks are correctly configured, and the MIDIStreaming endpoint descriptors contain the correct information, the values of bNumEmbMIDIJack and bLength are se...

5.5CVSS6.2AI score0.00189EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: csum: Fixed an OoB access issue in the IP checksum code for negative lengths. The commit 69e3a6aa6be2 “LoongArch: Added checksum optimization for 64-bit systems” causes an undefined shift and an out-of-bounds read...

7.1CVSS6.7AI score0.00211EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Always use READONCE to read the buffer lengths of the ring buffer. Since the buffers are mapped from the user space, it is prudent to use READONCE to read the values into a local variable, and use that data for any...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A vulnerability was discovered in the Linux kernel before version 5.16.12. In the file drivers/net/usb/sr9700.c, attackers can obtain sensitive information from heap memory by using crafted frame lengths from a device...

5.5CVSS6.3AI score0.00338EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in libfcgi

FastCGI fcgid2 also known as fcgi versions 2.x through 2.4.4 have a integer overflow vulnerability resulting in a heap-based buffer overflow due to crafted values for nameLen or valueLen in the data sent to the IPC socket. This issue occurs in the ReadParams function in fcgiapp.c...

9.3CVSS7.3AI score0.00566EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 2:28 p.m.6 views

GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches This has been fixed in pypdf==6.13.3. Workarounds If you cannot upgrade yet,...

6.9CVSS5.3AI score
Exploits0References4
CVE
CVE
added 2026/06/17 8:43 p.m.23 views

CVE-2026-48979

The CVE concerns PHP PSL versions 6.1.0, 6.1.1, and 6.2.0 where Psl\H2\ServerConnection fails to validate that the DATA frame length matches the content-length declared in the HEADERS frame, enabling HTTP request smuggling. This affects clients using Psl\H2\ServerConnection directly to process un...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 9:2 p.m.16 views

ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation

Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...

5.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 9:2 p.m.11 views

GHSA-CH3Q-CW5R-F4HG ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation

Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...

6.9CVSS5.5AI score
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2637 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:16 p.m.7 views

CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder