34 matches found
CLSA-2025-1744390816 gnutls: Fix of CVE-2024-0567
CVE-2024-0567: detect loop in certificate chain...
Linux Distros Unpatched Vulnerability : CVE-2024-41042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nf_tables: prefer nft_chain_validate. nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >=...
kernel: netfilter: nf_tables: prefer nft_chain_validate
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate. nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in...
SUSE CVE-2024-41042
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate. nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in...
DEBIAN-CVE-2024-41042
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate. nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in...
UBUNTU-CVE-2024-41042
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate. nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from hitting the stack guard page due to unbounded recursion that could result from old loop detection...
gnutls security update
3.7.6-23.4fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 - Verify salt length and iteration count for PBKDF Orabug: 35925409 3.7.6-23.4 - Fix timing side-channel in deterministic ECDSA...
Design/Logic Flaw
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams...
CVE-2018-7174
CVE-2018-7174 concerns xpdf 4.00 where an infinite loop in XRef::Xref can trigger denial of service. The loop detection exists only for tables, not streams, enabling potential resource exhaustion. Multiple connected sources (OSV, Debian/Ubuntu/Nessus/OSV entries, SUSE, OpenVAS, Fedora updates) co...
libxml2: stack exhaustion while parsing xml files in recovery mode
Missing recursive loop detection checks were found in the xmlParserEntityCheck and xmlStringGetNodeList functions of libxml2, causing applications using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode coul...
[musl] Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484]
A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc. if one of the...
CVE-2011-2057
The CVE-2011-2057 issue affects Cisco IOS 12.2-era cat6000-dot1x: when handling dot1x ports, a loop between a dot1x-enabled port and an open-authentication or non-dot1x port can trigger a flood of STP BPDU frames, causing a denial of service (traffic storm). Affected product is Cisco IOS 12.2 bef...