Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/06/18 9:16 p.m.7 views

DEBIAN-CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

6.5CVSS6AI score0.00267EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 9:16 p.m.3 views

UBUNTU-CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS6AI score0.00267EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 8:18 p.m.90 views

CVE-2025-15661

Summary (CVE-2025-15661): libssh2 up to 1.11.1 contains a heap over-read in the sftp_symlink() implementation (src/sftp.c). A crafted SSH_FXP_NAME response can cause a heap buffer over-read when a link_len value exceeds actual packet data during SFTP READLINK/REALPATH, due to missing validation o...

8.3CVSS5.4AI score0.00267EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/18 8:18 p.m.12 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS6AI score0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 8:18 p.m.20 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS0.00267EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/18 8:18 p.m.5 views

CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS7.2AI score0.00267EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 8 : systemd-239-82.el8 (AXSA:2024-8329:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8329:02 advisory. systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes CVE-2023-7008 Tenable has extracted the preceding description block...

5.9CVSS5.6AI score0.00849EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/10 2:15 p.m.3 views

CVE-2025-32743

In ConnMan through 1.44, the lookup string in nsresolv in dnsproxy.c can be NULL or an empty string when the TC Truncated bit is set in a DNS response. This allows attackers to cause a denial of service application crash or possibly execute arbitrary code, because those lookup values lead to...

9CVSS8.2AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/23 1:0 p.m.23 views

CVE-2023-7008 Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS5.9AI score0.00849EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.6 views

The vulnerability of the QDnsLookup component of the cross-platform framework for Qt software development allows a hacker to induce a service failure.

The vulnerability of the QDnsLookup component of the cross-platform framework for Qt software development relates to reading data from beyond the allowable buffer size. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted response from...

5.3CVSS6.1AI score0.00805EPSS
Exploits0References10Affected Software5
OSV
OSV
added 2017/06/28 6:29 a.m.2 views

DEBIAN-CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

7.5CVSS8.1AI score0.55116EPSS
Exploits1References1
Rows per page
Query Builder