1878 matches found

SUSE CVE
added 2025/12/19 12:26 a.m. | 2 views

SUSE CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0004
Exploits: 0 | References: 9

Microsoft CVE
added 2025/12/18 9:2 a.m. | 3 views

libceph: replace BUG_ON with bounds check for map->max_osd

...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00043
Exploits: 0

OSV
added 2025/12/16 10:34 p.m. | 2 views

GHSA-CFPF-HRX2-8RV6 Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0004
Exploits: 0 | References: 4

Github Security Blog
added 2025/12/16 10:34 p.m. | 7 views

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0004
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/12/16 10:34 p.m. | 2 views

EUVD-2025-203831

Expr has Denial of Service via Unbounded Recursion in Builtin Functions...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.0004
Exploits: 0 | References: 3

NVD
added 2025/12/16 7:16 p.m. | 3 views

CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

CVSS: 7.5 | EPSS: 0.0004
Exploits: 0 | References: 2

EUVD
added 2025/12/16 6:31 p.m. | 4 views

EUVD-2025-203779

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path. The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-bounds write in...

AI score: 6.2 | EPSS: 0.00076
Exploits: 0 | References: 8

OSV
added 2025/12/16 6:24 p.m. | 3 views

CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0004
Exploits: 0 | References: 4

UbuntuCve
added 2025/12/16 4:16 p.m. | 7 views

CVE-2025-68301

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path. The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-bounds write in...

AI score: 6.3 | EPSS: 0.00076
Exploits: 0 | References: 35

OSV
added 2025/12/16 4:16 p.m. | 0 views

UBUNTU-CVE-2025-68283

In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd. OSD indexes come from untrusted network packets. Boundary checks are added to validate these against map->max_osd. [ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmet...

AI score: 5.9 | EPSS: 0.00043
Exploits: 0 | References: 24

OSV
added 2025/12/16 3:6 p.m. | 2 views

CVE-2025-68301 net: atlantic: fix fragment overflow handling in RX path

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path. The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-bounds write in...

AI score: 6.6 | EPSS: 0.00076
Exploits: 0 | References: 10

Cvelist
added 2025/12/16 3:6 p.m. | 26 views

CVE-2025-68301 net: atlantic: fix fragment overflow handling in RX path

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path. The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-bounds write in...

EPSS: 0.00076
Exploits: 0 | References: 7

CVE
added 2025/12/16 3:6 p.m. | 17 views

CVE-2025-68291

The CVE-2025-68291 issue affects the Linux kernel MPTCP path: in mptcp_do_fastclose(), rcv_mss was not initialised before triggering tcp_send_active_reset(), leading to a divide-by-zero in __tcp_select_window() for MPTCP sockets. The fix mirrors a prior bare-TCP patch by initialising rcv_mss (to ...

AI score: 6.1 | EPSS: 0.00043
Exploits: 0 | References: 5

OSV
added 2025/12/16 3:6 p.m. | 2 views

CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().

In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). syzbot reported divide-by-zero in __tcp_select_window() by MPTCP socket. [0] We had a similar issue for the bare TCP and fixed in commit 499350a5a6e7 "tcp:...

AI score: 6.3 | EPSS: 0.00043
Exploits: 0 | References: 8

CVE
added 2025/12/16 2:45 p.m. | 8 views

CVE-2025-68258

CVE-2025-68258 is a Linux kernel vulnerability in the comedi driver, specifically multiq3_attach(), where crafted config options could cause long task timeouts. Syzbot observed that setting s->n_chan via it->options[2] could trigger repeated multiq3_encoder_reset() calls, delaying processin...

AI score: 6 | EPSS: 0.00058
Exploits: 0 | References: 8

CVE
added 2025/12/16 1:30 p.m. | 11 views

CVE-2025-40354

CVE-2025-40354 affects the Linux kernel DRM/AMD display path. The fix increases the max link count (dc->links) from 12 to 14 to prevent an access overrun, and prevents a NULL pointer dereference to enc in link->enc for dpia non display_endpoint during hw_init. The vulnerability stemmed from...

AI score: 6.1 | EPSS: 0.00024
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/16 12:0 a.m. | 4 views

PT-2025-51779

Name of the Vulnerable Software and Affected Versions: Expr versions prior to 1.17.7. Description: The Expr library, used for expression language and evaluation in Go, contains a flaw where certain builtin functions (including flatten, min, max, mean, and median) can cause a denial of service. The...

CVSS: 9.9 | AI score: 6.7 | EPSS: 0.17737
Exploits: 41 | References: 186

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a lack of boundary checking for map->max_osd, which could lead to out-of-bounds access...

AI score: 6.1 | EPSS: 0.00043
Exploits: 0 | References: 5

Cvelist
added 2025/12/12 7:40 a.m. | 29 views

CVE-2025-67731 Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

CVSS: 8.7 | EPSS: 0.00148
Exploits: 0 | References: 3

OSV
added 2025/12/11 1:7 p.m. | 2 views

USN-7925-1 c-ares vulnerability

It was discovered that c-ares incorrectly handled terminating certain queries after a maximum number of attempts. An attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00023
Exploits: 0 | References: 2