200 matches found
CVE-2026-10652 Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)
Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...
CVE-2026-57080
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in processmessages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...
PT-2026-52694
Name of the Vulnerable Software and Affected Versions libnfs versions prior to 6.0.2 Description An integer underflow occurs in the READ IOVEC section of the rpc read from socket function within lib/socket.c. This issue is triggered during a connection to a crafted NFS server when the expected PD...
389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
CVE-2026-44545 Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
PT-2026-45940
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
SUSE-SU-2026:21827-1 Security update for mcphost
This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
EUVD-2026-31271
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...
CVE-2026-9064
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Space was reserved for the register address/padding. Currently, the maximum values of maxrawread and maxrawwrite in the regmapspi structure do not take into account the additional size of the transmitted register...
Astra Linux – Vulnerability in glibc
When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information. This may lead to a buffer overflow if the size of the message string matches the page size...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: A retry logic was added in net6rtnotify. inet6rtnotify can only be called under RCU protection. This means that the route may be changed concurrently, and rt6fillnode might return -EMSGSIZE. The skb should be resized whe...
Astra Linux – Vulnerability in Linux 5.10
A vulnerability was discovered in the net/tipc/crypto.c file within the Linux kernel before version 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit a lack of sufficient validation of the user-supplied sizes for the MSGCRYPTO message type...
PT-2026-41968
Name of the Vulnerable Software and Affected Versions Mailpit affected versions not specified Description Unauthenticated remote attackers can cause a denial of service DoS by sending arbitrarily large messages via the SMTP server or the HTTP API. The application fails to enforce limits on the...
CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker
pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...
GHSA-PF94-94M9-536P Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
Summary A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. The fragmented-message reassembly path appends every Continuationfin: false frame's payload to a per-connection iolist with no cumulative size cap, so ...
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
Summary A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. The fragmented-message reassembly path appends every Continuationfin: false frame's payload to a per-connection iolist with no cumulative size cap, so ...
CVE-2025-71291
The CVE-2025-71291 issue affects the Linux kernel bcm_vk_read() function, where a NULL entry dereference could occur if entry is NULL and rc is -EMSGSIZE, potentially causing system instability or DoS. The fix copies fields (to_h_msg, usr_msg_id, to_h_blks) from the iterator into temporary variab...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of unsigned integer arithmetic in the message size calculation function ipcvalidatemsg,...
CVE-2026-35547
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system panic, and it may be possible for an unprivileged user to...