603 matches found
GHSA-CH3Q-CW5R-F4HG ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit within the containing packet. When a client connects to a malicious or compromised SSH server, the server can send a small, malformed packet containing an inner...
OESA-2026-2637 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
CVE-2026-46673 Russh: Unchecked CryptoVec allocation and growth handling is reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...
RUSTSEC-2026-0181 DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...
DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...
CVE-2026-42285
A flaw was found in GoBGP 4.4.0. A crafted BGP UPDATE with inconsistent attribute lengths mishandles the withdraw state transition in AdjRib.Update, causing a nil pointer dereference and full process crash. Fixed in GoBGP 4.5.0. Mitigation Upgrade to GoBGP 4.5.0 or later...
SUSE-SU-2026:22026-1 Security update for frr
This update for frr fixes the following issues: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds...
CLSA-2026-1780132171 Fix of 25 CVEs
CVE-2025-68724 - crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid CVE-2025-68724 CVE-2025-71196 - phy: stm32-usphyc: Fix off by one in probe CVE-2025-71196 CVE-2026-23033 - dmaengine: omap-dma: fix dmapool resource leak in error paths CVE-2026-23033 CVE-2026-23049 -...
CVE-2026-44378
A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...
CVE-2026-48684
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In processnetflowv9optionstemplate src/netflowplugin/netflowv9collector.cpp, the scope parsing loop lines 224-229 iterates until scopesoffset reaches the attacker-controlled...
DEBIAN-CVE-2026-48684
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In processnetflowv9optionstemplate src/netflowplugin/netflowv9collector.cpp, the scope parsing loop lines 224-229 iterates until scopesoffset reaches the attacker-controlled...
CVE-2026-48688
FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...
PT-2026-43275
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description Multiple out-of-bounds reads exist in the BGP MP REACH NLRI IPv6 attribute decoder. The decode mp reach ipv6 function in src/bgp protocol.cpp casts raw pointers to structure typ...
EUVD-2026-31844
FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...
Denial Of Service (DoS)
Wire is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of negative lengths in protobuf group-skipping logic, which allows an attacker to trigger an unchecked runtime exception and crash applications processing crafted protobuf payloads...
CLSA-2026-1779465893 postgresql: Fix of CVE-2026-6473
CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PGINT16MAX in tsheadline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...
GHSA-G9F8-WQJ9-FJW5 Russh: Unchecked CryptoVec allocation and growth handling is reachable
Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...
PT-2026-42625
Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...
Astra Linux – Vulnerability in Linux 5.10, Linux
A vulnerability was discovered in the Linux kernel before version 5.16.12. In the file drivers/net/usb/sr9700.c, attackers can obtain sensitive information from heap memory by using crafted frame lengths from a device...