CVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB via deeply nested generator forks, the doubling arithmetic overflows. The wrapped value is passed to realloc and then used for ...

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

PT-2026-39711

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The bytecode VM's data stack tracks its allocation size using a signed integer. When the stack grows beyond approximately 1 GiB through deeply nested generator forks, the doubling arithmetic overflows. Th...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: kdb: Buffer overflow issue during “tab-complete” operation has been fixed. Currently, when a user attempts symbol completion using the Tab key, kdb uses strncpy to insert the completed symbol into the command buffer. Unfortunatel...

Linux Distros Unpatched Vulnerability : CVE-2026-31474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: isotp: fix tx.buf use-after-free in isotpsendmsg isotpsendmsg uses only cmpxchg on so-tx.state to serialize access to so-tx.buf. isotprelease waits for...

CVE-2026-27144

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

CVE-2022-35086

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990229)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990229 advisory. In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989872 advisory. In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion...

Linux Distros Unpatched Vulnerability : CVE-2024-39480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed...

AZL-69596 CVE-2025-22107 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements i + 1, end over it. Actually, element i+1 is out of...

CVE-2025-22107 net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements i + 1, end over it. Actually, element i+1 is out of...

AZL-47183 CVE-2024-42227 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dmlcoremodeprogramming WHY &modelib-mp.Watermark and &locals-Watermark are the same address. memcpy may lead to unexpected behavior. HOW memmove should be used...

DEBIAN-CVE-2024-39480

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed symbol into the command buffer. Unfortunately it passes the size of t...

UBUNTU-CVE-2024-39480

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed symbol into the command buffer. Unfortunately it passes the size of t...

BZip3 缓冲区错误漏洞

BZip3 is a better, faster and stronger compressor from the individual developer Kamila Szewczyk. A security vulnerability exists in BZip3 versions prior to 1.2.3, which stems from an invalid memory move in bz3decodeblock resulting in a denial of service...

SUSE CVE-2021-39254

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfsattrrecordresize, in NTFS-3G 2021.8.22...

CVE-2022-35024

OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S...

DEBIAN-CVE-2021-39254

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfsattrrecordresize, in NTFS-3G 2021.8.22...

httpd: Push diary crash on specifically crafted HTTP/2 header

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...