58 matches found
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
EUVD-2025-210020
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
CVE-2025-59605
Technical details are not publicly available in the provided documents. No information on affected products, root cause, impact, or fixes is included. Monitor for updates and request vendor clarification when new data becomes available.
CVE-2025-59605 Out-of-bounds Write in HLOS
Memory Corruption when processing device identifier strings that exceed the expected maximum length...
PT-2026-45630
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: Memory corruption occurs when processing device identifier strings that exceed the expected maximum length. Recommendations: At the moment, there is no informatio...
EUVD-2026-27806
In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() almost certainly can do with smaller allocations, but let ntfs folks deal wit...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode. The QMI TLV value for strings in many qmi element information structures accounts for null-terminated strings with a length of MAX_LEN + 1. If a string actually has a length o...
PT-2026-34982
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: In the AF_RXRPC procfs helpers, local and remote socket addresses are formatted into fixed 50-byte stack buffers using the %pISpc formatter. This buffer size is insufficient for the...
GHSA-F45G-68Q3-5W8X Elysia has a string URL format ReDoS
Impact: `t.String({ format: 'url' })` is vulnerable to ReDoS. Repeating a partial url format (protocol and hostname) multiple times causes the regex to slow down significantly: `'http://a'.repeat(n)`. Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...
EUVD-2026-10527
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process...
CVE-2026-29795
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, `StringM::from_str` does not validate that the input length is within the declared maximum (MAX). Calling `StringM::<N>::from_str(s)` where s is longer than N bytes succeeds and returns a...
CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation
stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, `StringM::from_str` does not validate that the input length is within the declared maximum (MAX). Calling `StringM::<N>::from_str(s)` where s is longer than N bytes succeeds and returns a...
PT-2026-23612
Name of the Vulnerable Software and Affected Versions: stellar-xdr versions prior to 25.0.1. Description: The `StringM::from_str` function does not properly validate the length of input strings. When calling `StringM::<N>::from_str(s)` with a string s exceeding the maximum allowed length N, the function...
Exploit for CVE-2025-4517
CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...
PT-2026-8018
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SIGABRT) when processing string literals longer...
SUSE-SU-2026:0423-1 Security update for python-brotlipy
This update for python-brotlipy fixes the following issues: - Add max length decompression (bsc#1254867, bsc#1256017)...
Mastodon security vulnerabilities
Mastodon is an open-source social networking server based on ActivityPub. Versions of Mastodon prior to v4.5.5, v4.4.12, and v4.3.18 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcing a maximum length for list names, filter names, or filter keywords, whic...