Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Corrected incorrect offset calculation The effective offset for adding to the length was incorrectly calculated, resulting in iomap-length being set to 0, which triggered a WARNON in iomapiterdone. This issue has be...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A slab-out-of-bounds issue was fixed in smbstrndupfromutf16. If the -NameOffset of smb2createreq is smaller than the Buffer offset of smb2createreq, a slab-out-of-bounds read may occur from smb2open. This patch sets the...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A potential out-of-bounds error has been fixed when the buffer offset is invalid. I identified a potential out-of-bounds situation when the buffer offset fields of several requests are invalid. This patch sets the minimum...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...

Astra Linux - уязвимость в wireshark

In Wireshark versions 3.2.0 to 3.2.4, the GVCP dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-gvcp.c file by ensuring that the offset increased in all situations...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A out-of-bounds error in parsesecdesc has been fixed. If osidoffset, gsidoffset, and dacloffset can be greater than smbntsdstruct.size. If they are smaller, it may lead to an out-of-bounds situation. Additionally, when...

Astra Linux - уязвимость в wireshark

In Wireshark versions up to 3.2.7, the Facebook Zero Protocol also known as FBZERO dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-fbzero.c file by correcting the implementation of offset advancement...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: Check smcdv2extoffset when receiving a proposal message. When receiving a proposal message from the server, the smcdv2extoffset field in the proposal message comes from the remote client, and cannot be fully trusted. If...

Astra Linux - уязвимость в imagemagick

Due to a missing check for the 0 value of replaceextent, it is possible for the offset p to overflow in SubstituteString, potentially affecting application availability. This issue can be triggered by an input file crafted with ImageMagick. The flaw affects ImageMagick versions prior to 7.0.8-68...

Astra Linux - уязвимость в libavif

In libavif before version 1.3.0, the makeRoom function in stream.c has an integer overflow, resulting in a buffer overflow at stream-offset+size...

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

CVE-2026-33642 Kitty has a Heap Buffer Over-Read/Write via Integer Overflow in compose_rectangles Bounds Check

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

EUVD-2026-30968

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

CLSA-2026-1779203444 gnutls: Fix of CVE-2026-33845

CVE-2026-33845: fix integer underflow and remote heap overrun in DTLS handshake reassembly by tracking startoffset and fraglength instead of an inclusive startoffset, endoffset range...

CLSA-2026-1779129979 vim: Fix of 3 CVEs

CVE-2022-0261: fix heap-based buffer overflow in blockinsert in src/ops.c - CVE-2022-0318: fix heap-based buffer overflow in utfheadoff in mbyte.c - CVE-2022-3520: clamp bopend.col = 0 in doput to prevent Visual block put underflow...

UBUNTU-CVE-2026-42584

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103,...

CVE-2026-44215 NanaZip: Heap out-of-bounds write in NanaZip UFS directory parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

CVE-2026-42443

NanaZip (open source archiver) contains a local-denial bug in its UFS/UFS2 filesystem image parser. From versions 5.0.1252.0 up to before 6.0.1698.0, an integer divide-by-zero occurs when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is zero. The parser...

Improper Memory Buffer Handling

uuid is vulnerable to Improper Memory Buffer Handling. The vulnerability is due to missing validation of buffer size and offset values during UUID generation, which allows an attacker to trigger silent partial writes into caller-provided buffers...