
28 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: In tomoyo_write_control, do not emit a warning. syzbot reports a “too-large allocation” warning in tomoyo_write_control. It’s possible to write a very long line without a newline character. To fix this warning, I use __GFP_NOWARN instea...

CVSS 5.5, AI score 6.2, EPSS 0.00034
Exploits 0, References 2
CVE
added 2026/04/08 8:5 p.m., 4 views

CVE-2026-39414

CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...

CVSS 7.1, AI score 5.8, EPSS 0.00058
Exploits 0, References 4, Affected Software 1
Debian CVE
added 2025/03/06 4:22 p.m., 9 views

CVE-2024-58085

In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control syzbot is reporting too large allocation warning at tomoyo_write_control, for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN...

CVSS 5.5, AI score 5.7, EPSS 0.00034
Exploits 0
Oracle linux
added 2024/11/26 12:0 a.m., 283 views

pam security update

1.3.1-36.0.1 - pam_limits: fix use after free in pam_sm_open_session Orabug: 36272695 1.3.1-36 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66242 1.3.1-35 - pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves:...

CVSS 7.4, AI score 7.4, EPSS 0.00567
Exploits 0
Microsoft CVE
added 2024/09/11 7:0 a.m., 1 view

Coreutils: heap overflow in split --line-bytes with very long lines

...

CVSS 5.5, AI score 7, EPSS 0.00088
Exploits 0
RedHat Linux
added 2024/05/07 10:45 a.m., 0 views

golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the...

CVSS 6.5, AI score 7.4, EPSS 0.00443
Exploits 0, References 10
OSV
added 2024/03/04 7:15 a.m., 1 view

UBUNTU-CVE-2024-26622

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control Since tomoyo_write_control updates head->write_buf when write of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write requests c...

CVSS 7.8, AI score 6.2, EPSS 0.00014
Exploits 0, References 14
RedHat Linux
added 2024/01/30 1:26 p.m., 0 views

avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket

A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...

CVSS 5.5, AI score 7.3, EPSS 0.00031
Exploits 0, References 4
Positive Technologies
added 2024/01/18 12:0 a.m., 2 views

PT-2024-1284

Name of the Vulnerable Software and Affected Versions: GNU coreutils (affected versions not specified). Description: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line bytes split...

CVSS 5.5, AI score 5.5, EPSS 0.00088
Exploits 0, References 36
SUSE CVE
added 2023/11/21 2:19 a.m., 1 view

SUSE CVE-2023-48232

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues o...

CVSS 3.9, AI score 6.7, EPSS 0.00053
Exploits 0, References 6
CNNVD
added 2023/11/16 12:0 a.m., 1 view

Vim Security Vulnerabilities

Vim is a cross-platform text editor. A security vulnerability exists in versions prior to Vim v9.0.2107, which stems from a floating point exception that may occur when calculating line offsets for extra-long lines when smooth scrolling is enabled and the cpo setting contains the n flag...

CVSS 4.3, AI score 6.8, EPSS 0.00053
Exploits 0, References 7
RedHat Linux
added 2023/11/07 8:38 a.m., 2 views

avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket

A flaw was found in avahi. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of th...

CVSS 5.5, AI score 7.3, EPSS 0.00031
Exploits 0, References 4
RedHat Linux
added 2023/02/28 9:27 a.m., 3 views

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

CVSS 9.8, AI score 7.7, EPSS 0.09438
Exploits 0, References 8
SUSE CVE
added 2023/02/15 6:21 a.m., 1 view

SUSE CVE-2003-0792

Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email...

CVSS 5, AI score 6.8, EPSS 0.01344
Exploits 0, References 3
SUSE CVE
added 2023/02/15 5:16 a.m., 1 view

SUSE CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database...

CVSS 7.2, AI score 9.3, EPSS 0.00102
Exploits 1, References 4
RedHat Linux
added 2023/02/07 3:42 p.m., 2 views

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

CVSS 9.8, AI score 7.7, EPSS 0.09438
Exploits 0, References 8
OSV
added 2022/08/04 6:30 p.m., 1 view

CLSA-2022-1659637855 Fixed CVEs in vim: CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2343

CVE-2022-2345: fix using freed memory with recursive substitute - CVE-2022-2344: fix reading past end of completion with duplicate match - CVE-2022-2343: fix reading past end of completion with a long line and 'infercase' set - CVE-2022-2522: fix accessing uninitialized memory when completing...

CVSS 7.8, AI score 7.1, EPSS 0.00357
Exploits 4, References 1
Oracle linux
added 2017/08/07 12:0 a.m., 59 views

python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.make_archive...

CVSS 10, AI score 0.8, EPSS 0.45123
Exploits 8
OSV
added 2016/05/26 2:59 p.m., 1 view

USN-2985-2 eglibc, glibc regression

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to...

CVSS 9.8, AI score 7.8, EPSS 0.01513
Exploits 2, References 2
OSV
added 2015/12/17 7:59 p.m., 1 view

DEBIAN-CVE-2015-5277

The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database...

CVSS 7.2, AI score 7.2, EPSS 0.00102
Exploits 1, References 1