Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of size checking in the commandfilewrite function of ibmasm, potentially leading to...

PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits

Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...

CVE-2025-1675

The function dnscopyqname in dnspack.c performs performs a memcpy operation with an untrusted field and does not check if the source buffer is large enough to contain the copied data...

SUSE CVE-2019-8922

A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer...

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

...

CVE-2021-22752

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...

Out-of-bounds

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...

CVE-2021-22752

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP Workspace file is being parsed by IGSS Definition...

UBUNTU-CVE-2016-4049

The bgpdumproutesfunc function in bgpd/bgpdump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service assertion failure and daemon crash via a large BGP packet...

openSUSE Security Update : hivex (openSUSE-SU-2015:0189-1)

hivex was updated to fix a possible denial of service due to missing size checks bnc908614. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-89. The text description of this plugi...