Astra Linux – Vulnerability in musl

Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...

Astra Linux – Vulnerability in musl

In musl libc through 1.2.1, wcsnrtombs mishandles certain combinations of destination buffer size and source character limit, as demonstrated by an invalid write access buffer overflow...

Astra Linux – Vulnerability in musl

The musl libc version up to 1.1.23 has an x87 floating-point stack adjustment imbalance, which is related to the math/i386/ directory. In some cases, using this library may lead to out-of-bounds writes, which are not present in an application’s source code...

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...

FreeBSD : h2o -- stack overflow serving static files on musl libc (644d5e6c-1bd9-4904-8440-16c04100a2e1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 644d5e6c-1bd9-4904-8440-16c04100a2e1 advisory. h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

h2o -- stack overflow serving static files on musl libc

h2o project reports: When serving static files, h2o can allocate a file path on the stack using alloca. On systems using musl libc, a large allocation can exceed the default pthread stack size and crash the server, causing a denial of service...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

CLSA-2026-1778174719 Fix CVE(s): CVE-2026-40684

SECURITY UPDATE: Crash via malformed DNS response on musl libc systems - debian/patches/CVE-2026-40684.patch: handle musl libc dnexpand backslash-decimal escape oddity in stringcopydnsdomain - CVE-2026-40684...

CLSA-2026-1778003565 Fix CVE(s): CVE-2026-40684, CVE-2026-40685, CVE-2026-40687

SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape decoding when running against musl libc - debian/patches/CVE-2026-40684.patch: harden stringcopydnsdomain to consume 1, 2, or 3 digits incrementally instead of indexing past the input string when fewer than 3 digits follow a backsla...

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

OESA-2026-2178 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...