CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A out-of-bounds write vulnerability was discovered in the Linux kernel’s SLIMpro I2C device driver. The userspace variable “data-block0” was not bounded to a value between 0 and 255; instead, it was used as the size for a memcpy operation, potentially leading to data writing beyond the bounds of...

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

EUVD-2026-26556

In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmpnvmem: Fix buffer size in DMA and memcpy Buffer size used in dma allocation and memcpy is wrong. It can lead to undersized DMA buffer access and possible memory corruption. use correct buffer size in dmaalloccoherent...

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

CVE-2026-37535

OpenXC isotp-c (up to commit 5a5d19245f65189202719321facd49ce6f5d46ac, 2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler. The 4‑bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious C...

CVE-2023-54039

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...

UBUNTU-CVE-2023-54039

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...

CVE-2023-54039

The CVE-2023-54039 issue is in the Linux kernel’s CAN J1939 code, specifically j1939_tp_tx_dat_new(). The vulnerability arises when a memcpy uses skb->cb’s size, allowing an out-of-bounds read if skb->cb is larger than struct j1939_sk_buff_cb. The fix changes memcpy to use the size of struc...

SUSE CVE-2024-38623

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfssetlabel error: builtinmemcpy 'uni-name' too small 20 vs 256...

UBUNTU-CVE-2023-2194

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data-block0" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dmabuffer. This flaw could allow a local privilege...

DEBIAN-CVE-2021-44496

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution...

DEBIAN-CVE-2021-30019

In the adtsdmxprocess function in filters/reframeadts.c in GPAC 1.0.1, a crafted file may cause ctx-hdr.framesize to be smaller than ctx-hdr.hdrsize, resulting in size to be a negative number and a heap overflow in the memcpy...