21 matches found
kernel: netfilter: xt_tcpmss: check remaining length before reading optlen
A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...
EUVD-2026-27750
In the Linux kernel, the following vulnerability has been resolved: netfilter: xttcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xttcpmss.c lines 53-68, the TCP option parser reads opi+1 directly without validating the remaining option length. If the last...
CVE-2026-43190
The CVE-2026-43190 issue affects the Linux kernel netfilter xt_tcpmss TCP option parser. The root cause is reading op[i+1] without validating the remaining option length, which can cause an out-of-bounds read when i+1 == optlen. This could access memory past the option boundary (stack buffer _opt...
CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
DEBIAN-CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
Linux Distros Unpatched Vulnerability : CVE-2026-23397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check...
PT-2026-28330
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the nfnetlink osf module related to the validation of option lengths in network packet fingerprints. Specifically, the nfnl osf add callback...
EUVD-2025-3163
Malicious code in bioql PyPI...
EUVD-2023-38206
Malicious code in bioql PyPI...
Out-of-bounds read vulnerability in Cente middleware
Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...
CVE-2025-23406
Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed...
CVE-2025-23406
Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed...
CVE-2025-23406
CVE-2025-23406 describes an out-of-bounds read in the Cente middleware TCP/IP Network Series caused by improper checking of TCP MSS option values . The vulnerability affects the middleware’s handling of MSS values, and a specially crafted packet could cause the affected product to crash. Multiple...
CVE-2023-34100 Out-of-Bounds Read in contiki-ng
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...
CVE-2023-34100 Out-of-Bounds Read in contiki-ng
Contiki-NG is an open-source, cross-platform operating system for IoT devices. When reading the TCP MSS option value from an incoming packet, the Contiki-NG OS does not verify that certain buffer indices to read from are within the bounds of the IPv6 packet buffer, uipbuf. In particular, there is...
DEBIAN-CVE-2020-13988
An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uipprocess in net/ipv4/uip.c...
RHEL 5 : kernel (RHSA-2012:1347)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1347 advisory. - kernel: Buffer overflow in the HFS plus filesystem different issue than CVE-2009-4020 CVE-2012-2319 - kernel: sfc: potential remote denial...
kernel: sfc: potential remote denial of service through TCP MSS option
The sfc aka Solarflare Solarstorm driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service DMA descriptor consumption and network-controller outage via crafted TCP packets that trigger a small MSS value...