BIT-PYTHON-MIN-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

BIT-LIBPYTHON-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the string machinery provided by the tracing subsystem to create a copy of the string literals used in the “nested VM-Enter failed” tracepoint. A complete...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4...

Astra Linux - уязвимость в snakeyaml

The package org.yaml:snakeyaml in versions 0 and earlier than 1.31 is vulnerable to Denial of Service DoS attacks due to a missing nested depth limitation in collections...

Astra Linux - уязвимость в python2.7, python3.11, python3.7

When constructing nested elements using XMLDom.minidom methods like appendChild, which rely on clearidcache, the algorithm has a quadratic complexity. This can affect the availability of documents when they are constructed with excessively nested structures...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory Ignore nCR34:0 when loading PDPTEs from memory for nested SVMs. When PAE paging is used, the bits 4:0 of the CR3 register are ignored, and thus VMRUN does not enforce a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Removed a user-triggered WARN message in nestedsvmloadcr3. The WARN message in svmsetnestedstate in nestedsvmloadcr3 was removed. This is because it is trivially easy for userspace to trigger this message by modifying...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM – Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1’s MSRAMD64TSCRATIO has diverged from KVM’s...

Astra Linux - уязвимость в golang-1.19

Calling any of the Parse functions in Go source code that contains deeply nested literals can cause a panic due to stack exhaustion...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fixed a potential NULL dereference during nested migration. It turns out that due to feedback from reviews and/or changes in relocation locations, I accidentally moved the call to nestedsvmloadcr3 too early, befor...

Astra Linux - уязвимость в jackson-databind

In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur due to the lack of a check in BeanDeserializer.deserializeFromArray, which prevents the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active. Exiting to userspace will generate a spurious userspace exit, usually...

Astra Linux - уязвимость в sqlite3

In SQLite 3.31.1, there is an out-of-bounds access issue involving the ALTER TABLE operation for views that contain nested FROM clauses...

Astra Linux - уязвимость в libxslt

In numbers.c in libxslt before version 1.1.43, there is a use-after-free issue. This occurs because, in nested XPath evaluations, an XPath context node can be modified but cannot be restored. This issue is related to the functions xsltNumberFormatGetValue, xsltEvalXPathPredicate,...

Astra Linux - уязвимость в golang-1.19

Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: ice: Fixed a potential NULL pointer dereference in the icebridgesetlink function. The icebridgesetlink function may encounter a NULL pointer dereference if nlmsgfindattr returns NULL, and brspec is dereferenced subsequently ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation. Each attribute within a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo. Therefore, the size of such an attribute must be at least sizeofstruct...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Loads the TSC multiplier of L1 based on L1’s state, not L2’s state. When emulating a nested VM-Exit, the TSC multiplier of L1 is loaded if L1’s desired ratio does not match the current ratio. This does not occur if L1’...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled The nested virtualization mode is forcibly exited if the user space toggles the SMM state using KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If the user space...