gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

Astra Linux - уязвимость в php7.3

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexmlloadfile, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...

SUSE CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

ALPINE-CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVE-2026-42010

CVE-2026-42010 affects gnutls where servers using RSA-PSK incorrectly match usernames containing a NUL character, causing truncation and an authentication bypass. A remote attacker could exploit by sending a crafted username to gain unauthorized access. Connected advisories confirm a patch: Root ...

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the incorrect matching of usernames containing the NUL character with truncated username...

GHSA-M2PG-C7M6-77PJ uutils coreutils has an Improper Input Validation Issue in its cut Utility

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

PT-2025-51194

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL 0x00 characters during the Latin-compatible charset UTF-8, ISO8859-1, ASCII, etc to IBM-1047/037 translation sequence. This can cause the...

OESA-2024-2531 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some...

AIOHTTP has problems in HTTP parser (the python one, not llhttp)

Summary The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. Details Bug 1: Bad parsing of Content-Length values Description RFC 9110 says this:...

CVE-2023-5719 Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent % character, invalid values will be included, potentially truncating...

NuProcess vulnerable to command-line injection through insertion of NUL character(s)

Impact In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in...

Ubuntu 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-5300-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5300-2 advisory. USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Tenable ha...

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

DEBIAN-CVE-2021-3910

OctoRPKI crashes when encountering a repository that returns an invalid ROA just an encoded NUL \0 character...

NUL character in ROA causes OctoRPKI to crash

OctoRPKI crashes when encountering a repository that returns an invalid ROA just an encoded NUL \0 character. Patches For more information If you have any questions or comments about this advisory email us at [email protected]...