Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevents stack overflow in mlxbfi2csmbusstarttransaction The memcpy function is called in a loop, without checking the upper bound of 'operation-length', and 'dataidx' is also incremented...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actapi: fixed a possible infinite loop in tcfidrcheckalloc The syzbot detected tasks that were stuck while waiting for rtnllock 1 A reproducer is available in the syzbot bug. When a request to add multiple actions...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fixed the lockup issue in dmexceptiontableexit. A lockup was reported when exiting a snapshot with many exceptions. This issue has been fixed by adding “condresched” to the loop that frees the exceptions...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: filemap: Fixing the bounds checking in filemapread. If the caller provides an iocb-kipos value that is close to the upper limit of the filesystem, and an iterator with a count that causes us to exceed that limit, then filemapread...

Astra Linux - уязвимость в elfutils

In elfutils 0.183, an infinite loop was discovered in the function handlesymtab in readelf.c. This allows attackers to cause a denial of service infinite loop through a crafted file...

Astra Linux - уязвимость в exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/eventpoll: Fixed an infinite busy loop after the timeout period has expired. After the commit 0a65bc27bd64 “eventpoll: Sets the epoll timeout if it’s in the future”, the following program would immediately enter an infinite bu...

Astra Linux - уязвимость в libx11, libxpm

A vulnerability was discovered in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

Astra Linux - уязвимость в pillow

A issue was discovered in Pillow before version 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop during loading...

Astra Linux - уязвимость в exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit this vulnerability to cause a denial of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fsdax: Fixed an infinite loop in daxiomaprw. I encountered an infinite loop and a warning message when executing the tail command in virtiofs. The warning message reads: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomapiter+0x3a2/0x3d...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: afs: Fixed page leakage There is a loop in afaxtendwriteback that adds extra pages to the write operation. We want to improve the efficiency of this write-back process by making it larger. However, this loop stops if we...

Astra Linux - уязвимость в wireshark

In Wireshark versions up to 3.2.7, the Facebook Zero Protocol also known as FBZERO dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-fbzero.c file by correcting the implementation of offset advancement...

Astra Linux - уязвимость в p7zip

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition in affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary depending ...

Astra Linux - уязвимость в python-tornado

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server’s event loop for an extended period, due to the use of the HTTPHeaders.add method. This method accumulates values using string...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Validation of the totlen and ihl fields of the inner IPv4 packet has been added to the processing of decrypted IPTFS payloads in inputprocesspayload. A crafted ESP...

Astra Linux - уязвимость в libsoup2.4

GNOME libsoup before version 3.6.1 has an infinite loop and consumes a large amount of memory during the reading of certain patterns of WebSocket data from clients...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A infinite loop has been fixed in nilfsmdtgetblock. If the disk image that nilfs2 mounts is corrupted, and the virtual block address obtained through block lookup for a metadata file is invalid, nilfsbmaplookupatlevel may...

Astra Linux - уязвимость в wireshark

In Wireshark versions 3.2.0 to 3.2.4, the GVCP dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-gvcp.c file by ensuring that the offset increased in all situations...