
21 matches found

RedHat Linux
added 2026/05/28 2:41 a.m., 55 views

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xt_tcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

CVSS 8.2, AI score 5.8, EPSS 0.00463
Exploits: 0, References: 5

EUVD
added 2026/05/06 12:30 p.m., 6 views

EUVD-2026-27750

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c lines 53-68, the TCP option parser reads op[i+1] directly without validating the remaining option length. If the last...

AI score 6, EPSS 0.00463
Exploits: 0, References: 9

CVE
added 2026/05/06 11:27 a.m., 29 views

CVE-2026-43190

The CVE-2026-43190 issue affects the Linux kernel netfilter xt_tcpmss TCP option parser. The root cause is reading op[i+1] without validating the remaining option length, which can cause an out-of-bounds read when i+1 == optlen. This could access memory past the option boundary (stack buffer _opt...

CVSS 8.2, AI score 6, EPSS 0.00463
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2026/03/26 11:16 a.m., 3 views

CVE-2026-23397

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one ...

CVSS 7.1, EPSS 0.00117
Exploits: 0, References: 8

OSV
added 2026/03/26 11:16 a.m., 4 views

DEBIAN-CVE-2026-23397

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one ...

CVSS 7.1, AI score 5.4, EPSS 0.00117
Exploits: 0, References: 1

Cvelist
added 2026/03/26 10:22 a.m., 21 views

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one ...

EPSS 0.00117
Exploits: 0, References: 8

OSV
added 2026/03/26 10:22 a.m., 3 views

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one ...

CVSS 7.1, AI score 5.8, EPSS 0.00117
Exploits: 0, References: 9

Tenable Nessus
added 2026/03/26 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfnetlink_osf: validate individual option lengths in fingerprints nfnl_osf_add_callback validates opt_num bounds and string NUL-termination but does not check...

CVSS 7.1, AI score 5.9, EPSS 0.00117
Exploits: 0, References: 3

Positive Technologies
added 2026/01/01 12:00 a.m., 6 views

PT-2026-28330

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the nfnetlink_osf module related to the validation of option lengths in network packet fingerprints. Specifically, the nfnl_osf_add_callback...

CVSS 7.8, AI score 6, EPSS 0.00119
Exploits: 0, References: 76

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-3163

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.6, EPSS 0.00373
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2023-38206

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.7, EPSS 0.00437
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2025/02/17 9:22 a.m., 2 views

Out-of-bounds read vulnerability in Cente middleware

Overview: Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability (CWE-125, CVE-2025-23406). DMG MORI Digital Co., LTD. reported this...

CVSS 5.3, AI score 6.5, EPSS 0.00373
Exploits: 0, References: 4

RedhatCVE
added 2025/02/16 5:20 a.m., 4 views

CVE-2025-23406

Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed...

CVSS 5.3, AI score 6.7, EPSS 0.00373
Exploits: 0, References: 1

NVD
added 2025/02/14 5:15 a.m., 8 views

CVE-2025-23406

Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed...

CVSS 5.3, EPSS 0.00373
Exploits: 0, References: 2

CVE
added 2025/02/14 4:24 a.m., 61 views

CVE-2025-23406

CVE-2025-23406 describes an out-of-bounds read in the Cente middleware TCP/IP Network Series caused by improper checking of TCP MSS option values. The vulnerability affects the middleware’s handling of MSS values, and a specially crafted packet could cause the affected product to crash. Multiple...

CVSS 5.3, AI score 6.8, EPSS 0.00373
Exploits: 0, References: 2

Vulnrichment
added 2023/06/09 5:30 p.m., 12 views

CVE-2023-34100 Out-of-Bounds Read in contiki-ng

Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is...

CVSS 7.3, AI score 6.9, EPSS 0.00437
Exploits: 0, References: 2

OSV
added 2023/06/09 5:30 p.m., 4 views

CVE-2023-34100 Out-of-Bounds Read in contiki-ng

Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uip_buf. In particular, there is...

CVSS 7.3, AI score 6.8, EPSS 0.00437
Exploits: 0, References: 4

OSV
added 2020/12/11 10:15 p.m., 1 views

DEBIAN-CVE-2020-13988

An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c...

CVSS 7.5, AI score 7.2, EPSS 0.03912
Exploits: 0, References: 1

Tenable Nessus
added 2013/01/24 12:00 a.m., 262 views

RHEL 5 : kernel (RHSA-2012:1347)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1347 advisory. - kernel: Buffer overflow in the HFS plus filesystem (different issue than CVE-2009-4020) (CVE-2012-2319) - kernel: sfc: potential remote denial...

CVSS 7.8, AI score 6.9, EPSS 0.06158
Exploits: 3, References: 6

RedHat Linux
added 2012/10/02 5:38 p.m., 2 views

kernel: sfc: potential remote denial of service through TCP MSS option

The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value...

CVSS 7.8, AI score 6.8, EPSS 0.06158
Exploits: 1, References: 4