589 matches found
CVE-2026-53224
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...
EUVD-2026-38381
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...
EUVD-2026-38386
MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...
CVE-2026-53238
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...
CVE-2026-53224
In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...
CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...
CVE-2026-48515
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fixed an issue with OoB access in the IP checksum code for negative lengths. Although the commit c2c24edb1d9c “arm64: csum: Fix pathological zero-length calls” added an early return for zero-length inputs, syzkaller...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in Glib’s content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored as a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmidi: fix MIDI Streaming descriptor lengths While the MIDI jacks are correctly configured, and the MIDIStreaming endpoint descriptors contain the correct information, the values of bNumEmbMIDIJack and bLength are se...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: csum: Fixed an OoB access issue in the IP checksum code for negative lengths. The commit 69e3a6aa6be2 “LoongArch: Added checksum optimization for 64-bit systems” causes an undefined shift and an out-of-bounds read...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Always use READONCE to read the buffer lengths of the ring buffer. Since the buffers are mapped from the user space, it is prudent to use READONCE to read the values into a local variable, and use that data for any...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability was discovered in the Linux kernel before version 5.16.12. In the file drivers/net/usb/sr9700.c, attackers can obtain sensitive information from heap memory by using crafted frame lengths from a device...
Astra Linux – Vulnerability in libfcgi
FastCGI fcgid2 also known as fcgi versions 2.x through 2.4.4 have a integer overflow vulnerability resulting in a heap-based buffer overflow due to crafted values for nameLen or valueLen in the data sent to the IPC socket. This issue occurs in the ReadParams function in fcgiapp.c...
GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches This has been fixed in pypdf==6.13.3. Workarounds If you cannot upgrade yet,...
CVE-2026-48979
The CVE concerns PHP PSL versions 6.1.0, 6.1.1, and 6.2.0 where Psl\H2\ServerConnection fails to validate that the DATA frame length matches the content-length declared in the HEADERS frame, enabling HTTP request smuggling. This affects clients using Psl\H2\ServerConnection directly to process un...
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...
GHSA-CH3Q-CW5R-F4HG ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...
OESA-2026-2637 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...