CVE-2026-23244

In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace can...

CVE-2026-23244

CVE-2026-23244 affects the Linux kernel and stems from nvme_pr_read_keys() allocating memory based on a user-supplied num_keys value. The code uses num_keys to determine the rse allocation size up to an upper limit PR_KEYS_MAX (64K). A malicious or buggy userspace input can cause a kzalloc-based ...

CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...

CVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...

CVE-2025-71267

CVE-2025-71267 : In the Linux kernel ntfs3 file system, a flaw in ATTR_LIST handling can cause an infinite loop and DoS during mount. Specifically, when ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, memory is still allocated due to al_aligned(0), leaving ni->...

CVE-2026-32836

An uncontrolled memory allocation vulnerability has been discovered in the drlibs library. The drflacreadanddecodemetadata function allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the numkeys value provided by the user in the nvmeprreadkeys function. This...

Linux Distros Unpatched Vulnerability : CVE-2026-23244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. T...

PT-2026-26202

Name of the Vulnerable Software and Affected Versions DeepDiff versions 5.0.0 through 8.6.1 Description DeepDiff is a Python project for deep difference and search of data. The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor argument...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility that the xchkxfiledescr macro call for kasprintf may fail, potentially leading to memor...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the drflacreadanddecodemetadata function. An attacker can cause excessive memory allocation by supplying crafted FLAC streams with maliciously controlled mimeLength and descriptionLength...

CVE-2026-32836 mackron / dr_libs dr_flac.h Excessive Memory Allocation in PICTURE Metadata Parsing

drlibs drflac.h version 0.13.3 and earlier fixed in commits fefced4, 4f5a4cd, and 663239a contain an uncontrolled memory allocation vulnerability in drflacreadanddecodemetadata that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can...

CVE-2026-32836

CVE-2026-32836 affects dr_libs up to version 0.13.3, where drflac__read_and_decode_metadata() can trigger uncontrolled memory allocation via crafted PICTURE metadata blocks. Attackers can set attacker-controlled mimeLength and descriptionLength to cause memory exhaustion and denial of service whi...

dr_libs 安全漏洞

drlibs is an audio decoding library developed by David Reid as a personal project in C/C++. Versions of drlibs prior to 0.13.3 contain security vulnerabilities. These vulnerabilities stem from the drflacreadanddecodemetadata function, which involves uncontrolled memory allocation. This could allo...

EulerOS Virtualization 2.10.0 : libarchive (EulerOS-SA-2026-1558)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...

PT-2026-26148

Name of the Vulnerable Software and Affected Versions Sliver versions 1.7.3 and below Description Sliver is a command and control framework that utilizes a custom Wireguard network stack. Versions 1.7.3 and below contain a Remote Out-of-Memory OOM issue in the mTLS and WireGuard C2 transport laye...

OPENSUSE-SU-2026:20366-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2025-58181: Fixed unbounded memory consumption. bsc1253904 - CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. bsc1240513...