Astra Linux - уязвимость в musl

The musl libc version up to 1.1.23 has an x87 floating-point stack adjustment imbalance, which is related to the math/i386/ directory. In some cases, using this library may lead to out-of-bounds writes, which are not present in an application’s source code...

Astra Linux - уязвимость в musl

In musl libc through 1.2.1, wcsnrtombs mishandles certain combinations of destination buffer size and source character limit, as demonstrated by an invalid write access buffer overflow...

Astra Linux - уязвимость в musl

Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

CLSA-2026-1778174719 Fix CVE(s): CVE-2026-40684

SECURITY UPDATE: Crash via malformed DNS response on musl libc systems - debian/patches/CVE-2026-40684.patch: handle musl libc dnexpand backslash-decimal escape oddity in stringcopydnsdomain - CVE-2026-40684...

CLSA-2026-1778003565 Fix CVE(s): CVE-2026-40684, CVE-2026-40685, CVE-2026-40687

SECURITY UPDATE: out-of-bounds read in DNS reverse-lookup escape decoding when running against musl libc - debian/patches/CVE-2026-40684.patch: harden stringcopydnsdomain to consume 1, 2, or 3 digits incrementally instead of indexing past the input string when fewer than 3 digits follow a backsla...

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

OESA-2026-2178 musl security update

musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards conforman...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

Exim 安全漏洞

Exim is an open-source message transfer agent MTA developed by Exim Foundation and running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Prior to Exim 4.99.2, there was a security vulnerability. This vulnerability occurred due to an exception in the octal...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...

PT-2026-36195

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description On systems using musl libc instead of glibc, an attacker can crash the connection instance by providing malformed DNS data in PTR records. This issue stems from an oddity in octal printing within the d...

EUVD-2026-26442

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...